Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
bGcxY1mXHe.exe

Overview

General Information

Sample name:bGcxY1mXHe.exe
renamed because original name is a hash value
Original sample name:f748d14f449da06b028b4617ca2142cd.exe
Analysis ID:1577871
MD5:f748d14f449da06b028b4617ca2142cd
SHA1:622ca7c30e41a9171069c894766ea343bd726b8b
SHA256:22d61f9877ded908bb98941c84a0c88295b08ea1541f97f722c2ceb008dc1399
Tags:exeuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Detected potential crypto function
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • bGcxY1mXHe.exe (PID: 6048 cmdline: "C:\Users\user\Desktop\bGcxY1mXHe.exe" MD5: F748D14F449DA06B028B4617CA2142CD)
    • WerFault.exe (PID: 2496 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1300 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/aktarim/GFirebirdSql.Data.FirebirdClient.dllAvira URL Cloud: Label: malware
Multi AV Scanner detection for submitted file
Source: bGcxY1mXHe.exeReversingLabs: Detection: 36%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
Machine Learning detection for sample
Source: bGcxY1mXHe.exeJoe Sandbox ML: detected
Source: bGcxY1mXHe.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001291000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: HP<o0C:\Windows\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001324000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb: source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Accessibility.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.ni.pdbRSDS source: WER712D.tmp.dmp.4.dr
Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbes i source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb. source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.ni.pdbRSDS source: WER712D.tmp.dmp.4.dr
Source: Binary string: C:\Users\user\Desktop\bGcxY1mXHe.PDB source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Remoting.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Configuration.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001324000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xml.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdbRSDS# source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: Microsoft.VisualBasic.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: uic.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: %%.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Windows.Forms.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Windows.Forms.pdbxX source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Drawing.pdb0 source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdbAccessibility.dllSystem.Runtime.Remoting.dllSystem.Runtime.Remoting.dll source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Drawing.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: NBYS AH.NET.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, WER712D.tmp.dmp.4.dr
Source: Binary string: Accessibility.pdbMZ@ source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Users\user\Desktop\bGcxY1mXHe.PDB* source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001291000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb.j source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.pdb8 source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WER712D.tmp.dmp.4.dr
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: devam etmektedir.&tc==http://www.facebook.com/NBYSAH3http://twitter.com/nbysah{0 equals www.facebook.com (Facebook)
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: devam etmektedir.&tc==http://www.facebook.com/NBYSAH3http://twitter.com/nbysah{0 equals www.twitter.com (Twitter)
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ahuzem.ybu.edu.tr/login/index.phpwAile
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://eradyoloji.saglik.gov.tr/TeletipServlet?tcNo=
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mobilws.nbys.com.tr/NBYS_MobilWS.asmx
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sbu2.saglik.gov.tr/drbilgi)Doktor
Source: bGcxY1mXHe.exe, 00000000.00000002.2244340371.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/NBYS-WS/NBYS_AHWS.asmx
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/NBYS-WS/NBYS_AHWS.asmx1
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/inet.asp
Source: bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/EB/
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/Forms/?
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/aktarim/GFirebirdSql.Data.FirebirdClient.dll
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/logo/)Kullanmak
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/rtf/
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/rtf/UstYazi.rtf
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/yardimci/
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gmail.comYe-Posta
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hsm.gov.tr)#LblKullaniciNesne
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.kamusm.gov.tr/islemler/sertifikami_aldim_ne_yapmaliyim-MUAYENE
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.merkezlab.com)#LblKullaniciBilgi
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ttrehber.turktelekom.com.tr
Source: bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/#
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/A1
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/AHKontrol
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/AKareKod
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/ASM_HekimVeriGonder
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/ASM_HekimVerileriniGonder
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/Aa
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/AktarimLog
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/AktivasyonKodu
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/AktivasyonKontrol
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/AktivasyonVeBayiKontrol
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/Bayiler
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/BursaDiyabet
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/CEkle
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/CSorgula
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/DSAct
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/DegreDosyalariAl
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/DegreKontrol
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/Duyurular
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/EExtra
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeAl
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeAlKurulum
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeAl_ASM
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeAl_ASMNET
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeAl_HSTS
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeAl_ORTAKEXE
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeOnayla
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeOnayla_ASM
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeleriAl_ASM
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/GuncellemeleriOnayla
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/HSTSDurum
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/HekimKodu
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/HekimKoduIlIle
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/HekimVerileriniGonder
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/IPAdresiGetir
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/ImportVersion
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/KontrolKurulum
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/KurulumKontrol
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/KurumAd
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/Logg
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/LoggA
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/M_MLog
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/M_MNot
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/M_MUsr
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/M_MUsrU
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/M_OLog
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/M_OLogA
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/MerkezKontrol
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/MerkezKontrol_ASM
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/Merkez_Kontrol
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/MessageGetSet
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/MobilSMSGet
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/MobilSMSSet
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/OMC
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/O_SS1
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/OrtakASM
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/OrtakASMs
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/OrtakDosyalariAl
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/OrtakIl
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/OrtakKur
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/SMDll
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/SRDll
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/SUTList
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/SUTList1
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/ServiceDateTime
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/SetSystem
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/SifremiUnuttum
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/SozlesmeRTF
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/Sozlesme_Onayla
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/Sozlesme_RTF
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/T
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/TU
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/UDT
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/VeriGeriYuklemeBildir
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/VeriGeriYuklemeBildir2
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/haber/
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/maps/multimaps.php
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uludagbilisim.com/maps/singlemap.php?adres=
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/SignUp?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F&ltmp
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ats.saglik.gov.tr
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eposta.saglik.gov.tr
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://maps.google.com?q=
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rbs.saglik.gov.tr)Re
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://recetem.enabiz.gov.tr
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sina.saglik.gov.tr/#/loginsMerkez
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=Uhttps://tts.voicetech.yandex.net/tts?text=
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeCode function: 0_2_015711680_2_01571168
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeCode function: 0_2_0157EB0C0_2_0157EB0C
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1300
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNBYS AH.NET.exe8 vs bGcxY1mXHe.exe
Source: bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNBYS AH.NET.exe8 vs bGcxY1mXHe.exe
Source: bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNBYS AH.NET.exe8 vs bGcxY1mXHe.exe
Source: bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNBYS AH.NET.exe8 vs bGcxY1mXHe.exe
Source: bGcxY1mXHe.exe, 00000000.00000000.2149029765.0000000000B9E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNBYS AH.NET.exe8 vs bGcxY1mXHe.exe
Source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.000000000125E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs bGcxY1mXHe.exe
Source: bGcxY1mXHe.exeBinary or memory string: OriginalFilenameNBYS AH.NET.exe8 vs bGcxY1mXHe.exe
Source: bGcxY1mXHe.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb:
Source: classification engineClassification label: mal64.winEXE@2/5@0/0
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6048
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\27f1944e-fb06-4f95-97e4-2cbf54b01e9aJump to behavior
Source: bGcxY1mXHe.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: bGcxY1mXHe.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO Muayene_Islem (MuayeneId, IslemId, Miktar, Aciklama, UserId, EditDateTime) SELECT G, I.IslemId, I.Miktar, I.Aciklama, o FROM Muayene_Islem I INNER JOIN SKRS_SUT S ON S.Tur = ! AND I.Durum = 1;, IslemId, Miktar, Aciklama, O FROM Muayene_Islem WHERE (MuayeneId =
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM (CAND NOT EXISTS (SELECT EM.HastaId;AND EXISTS (SELECT EM.HastaId;M.Tarih AS KBAS, NULL AS KDEV;NULL AS KBAS, M.Tarih AS KDEV9M.Tarih AS UBAS,NULL AS UDEV9NULL AS UBAS,M.Tarih AS UDEVW) AS MV ORDER BY MV.Id,MV.MuayeneTarih DESC] PROF0
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT T.Ad, D.Tarih FROM Hasta_Detay D INNER JOIN SKRS_@ T ON T.Id = D.TurId WHERE (D.HastaId = ;) AND (D.Tur = #) ORDER BY Ad
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT D.Id AS DilekceId,H.Id AS HastaTc, (H.Ad + ' ' + H.Soyad) AS HastaAd, H.DogumTarihi, HO.Email, ISNULL(SS.Ad,'') AS Sebep, D.Aciklama, ISNULL(HO.GSM,'') AS Gsm, ISNULL(HO.EvTelefon,'') AS EvTelefon, D.Tarih, ISNULL(HO.EvAdresId,0) AS EvAdresId, ISNULL(HO.EvAdres,'') AS EvAdres, ISNULL(Y.Ad,'') AS Yakinlik, D.Sayi FROM Dilekce D INNER JOIN Dilekce_Hasta DH ON DH.DilekceId = D.Id INNER JOIN Hasta H ON H.Id = DH.HastaId INNER JOIN Hasta_Ozluk HO ON HO.HastaId = H.Id LEFT OUTER JOIN SKRS_Parametre Y ON Y.Id = H.ReisYakinlik LEFT OUTER JOIN SKRS_Parametre SS ON SS.Id = D.Sebep WHERE D.Id = ;A0
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT Id, Ad, Soyad, ISNULL(Reis, Id) AS ReisId, TUIKAdresNo FROM Hasta WHERE Id = ; HANE HALKI ANAMNEZ B0
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO Dilekce (Id, Tur, Sayi, Tarih, Sebep, Adres, Aciklama, AHAd, AHBirim, AHBolge) VALUES (;
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT S.Kod, S.Ad FROM SKRS_Ilac_ATC A INNER JOIN SKRS_ATC S ON S.Id = A.ATCId WHERE A.IlacId = ; adl1
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(0) FROM Dilekce D INNER JOIN Dilekce_Hasta DH ON DH.DilekceId = D.Id WHERE (D.Tur = 0) AND (NOT EXISTS(SELECT HA.AHId FROM Hasta_AH HA WHERE (HA.HastaId = DH.HastaId) AND (HA.Tarih >= D.Tarih) AND (HA.AHId <> ; AND (MI.KurumId IS NOT NULL)
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT (SI.Kod + ' - ' + SI.Ad + (CASE WHEN LEN(MT.Aciklama) > 0 THEN ' (' + MT.Aciklama + ')' ELSE '' END)) AS Ad FROM Muayene_Tani MT INNER JOIN SKRS_ICD10 SI ON MT.ICD10Id = SI.Id WHERE (MT.MuayeneId = S) AND (MT.Durum = 1) ORDER BY MT.Tur DESC;ICD KODU VE TANI/BULGU(LAR) :
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT M.Id, M.ProtokolNo, M.Tahlil FROM Muayene M INNER JOIN Muayene_Islem I ON (I.MuayeneId = M.Id) And (I.Gonderim Is NULL) And (I.Durum = 1)INNER JOIN SKRS_SUT T On (T.Id = I.IslemId) And (T.Grup = ;) And (Not T.AltGrup BETWEEN
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT HE.Id) FROM HalkEgitim HE INNER JOIN SKRS_Parametre SP ON HE.Konu = SP.Id WHERE #(HE.MobilDurum = ;(HE.YerindeDurum IS NOT NULL)
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT TOP 1 S.IcMiktar FROM Malzeme_Islem_Asi A INNER JOIN Malzeme_Islem I ON I.Id = A.MalzemeIslemId INNER JOIN Malzeme_Detay D ON D.Id = I.MalzemeDetayId INNER JOIN SKRS_Malzeme S ON S.Id = D.MalzemeId WHERE A.Asi = ; ORDER BY I.EditDateTime DESC'Miktar girilmemi_
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT S.@Id, S.Ad, S.Kod,(SELECT COUNT(0) FROM Hasta_Ozluk HO INNER JOIN Hasta H ON (H.Id = HO.HastaId) AND (H.AHId = ;) WHERE #) AS Extra1 FROM $ S
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT M.*,MI.*, H.Id AS TCKimlikNo, (H.Ad + ' ' + H.Soyad) AS Hasta, H.BabaAd,C.Ad AS Cinsiyet,S.Ad As SGKAd,H.DogumTarihi, ISNULL(HO.Email,'') AS Email,(ISNULL(A.Ad,'') + ' ' + HO.EvAdres) AS Adres FROM Muayene M INNER JOIN Muayene_IzlemKadin MI ON M.Id=MI.MuayeneId INNER JOIN Hasta H ON H.Id = M.HastaId INNER JOIN Hasta_Ozluk HO ON HO.HastaId = H.Id INNER JOIN SKRS_Parametre C ON H.Cinsiyet = C.Id INNER JOIN SKRS_Parametre S ON HO.SGK = S.Id LEFT OUTER JOIN SKRS_Adres A ON HO.EvAdresId = A.Id WHERE M.Id = ;15-49 Ya_
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT Id, Aciklama, DosyaAdi FROM Tanim_User_Shortcuts WHERE (UserId = q) AND (Grup = @) AND (Durum = 1) ORDER BY Grup, Aciklama;) AND (Durum = 1) ORDER BY Ad+Gezici Hizmet B
Source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT H.Ad + ' ' + H.Soyad AS AdSoyad, HO.KanGrup FROM Hasta H LEFT OUTER JOIN Hasta_Ozluk HO ON H.Id = HO.HastaId WHERE H.Id = kUPDATE Hasta_Kadin SET EsId = NULL, EsYakinlik = NULL;Akrabal1
Source: bGcxY1mXHe.exeReversingLabs: Detection: 36%
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeFile read: C:\Users\user\Desktop\bGcxY1mXHe.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\bGcxY1mXHe.exe "C:\Users\user\Desktop\bGcxY1mXHe.exe"
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1300
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: bGcxY1mXHe.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: bGcxY1mXHe.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: bGcxY1mXHe.exeStatic file information: File size 3422208 > 1048576
Source: bGcxY1mXHe.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x33ae00
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001291000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: HP<o0C:\Windows\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001324000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb: source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Accessibility.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.ni.pdbRSDS source: WER712D.tmp.dmp.4.dr
Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbes i source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb. source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.ni.pdbRSDS source: WER712D.tmp.dmp.4.dr
Source: Binary string: C:\Users\user\Desktop\bGcxY1mXHe.PDB source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Remoting.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Configuration.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001324000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xml.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdbRSDS# source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: Microsoft.VisualBasic.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: uic.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: %%.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2242689293.0000000000F36000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Windows.Forms.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Windows.Forms.pdbxX source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Drawing.pdb0 source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.pdbAccessibility.dllSystem.Runtime.Remoting.dllSystem.Runtime.Remoting.dll source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Drawing.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: mscorlib.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: NBYS AH.NET.pdb source: bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, WER712D.tmp.dmp.4.dr
Source: Binary string: Accessibility.pdbMZ@ source: WER712D.tmp.dmp.4.dr
Source: Binary string: \??\C:\Users\user\Desktop\bGcxY1mXHe.PDB* source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.0000000001291000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb.j source: bGcxY1mXHe.exe, 00000000.00000002.2243165833.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.ni.pdb source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.pdb8 source: WER712D.tmp.dmp.4.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WER712D.tmp.dmp.4.dr
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 1210000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 2D60000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 55E0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 5430000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 86E0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 96E0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: 99F0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: A9F0000 memory reserve | memory write watchJump to behavior
Source: Amcache.hve.4.drBinary or memory string: VMware
Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.drBinary or memory string: vmci.sys
Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.drBinary or memory string: VMware20,1
Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeQueries volume information: C:\Users\user\Desktop\bGcxY1mXHe.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\bGcxY1mXHe.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		2
Virtualization/Sandbox Evasion		OS Credential Dumping21
Security Software Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory2
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager12
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
bGcxY1mXHe.exe37%ReversingLabs
bGcxY1mXHe.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.uludagbilisim.com/M_MUsrU0%Avira URL Cloudsafe
https://sina.saglik.gov.tr/#/loginsMerkez0%Avira URL Cloudsafe
http://www.ttrehber.turktelekom.com.tr0%Avira URL Cloudsafe
http://www.uludagbilisim.com/Logg0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeAl_ASMNET0%Avira URL Cloudsafe
http://www.uludagbilisim.com/LoggA0%Avira URL Cloudsafe
http://www.uludagbilisim.com/OrtakKur0%Avira URL Cloudsafe
http://www.uludagbilisim.com/A10%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeleriAl_ASM0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeAl_ASM0%Avira URL Cloudsafe
http://www.uludagbilisim.com/CEkle0%Avira URL Cloudsafe
http://www.uludagbilisim.com/MerkezKontrol0%Avira URL Cloudsafe
http://www.uludagbilisim.com/M_MNot0%Avira URL Cloudsafe
http://www.uludagbilisim.com/DegreKontrol0%Avira URL Cloudsafe
http://www.uludagbilisim.com/O_SS10%Avira URL Cloudsafe
http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/yardimci/0%Avira URL Cloudsafe
http://www.uludagbilisim.com/SMDll0%Avira URL Cloudsafe
http://www.uludagbilisim.com/OrtakDosyalariAl0%Avira URL Cloudsafe
http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/rtf/UstYazi.rtf0%Avira URL Cloudsafe
http://www.uludagbilisim.com/DSAct0%Avira URL Cloudsafe
http://www.uludagbilisim.com/AHKontrol0%Avira URL Cloudsafe
http://www.gmail.comYe-Posta0%Avira URL Cloudsafe
http://www.uludagbilisim.com/SifremiUnuttum0%Avira URL Cloudsafe
http://www.uludagbilisim.com/MerkezKontrol_ASM0%Avira URL Cloudsafe
http://www.uludagbilisim.com/Sozlesme_RTF0%Avira URL Cloudsafe
http://www.uludagbilisim.com/EExtra0%Avira URL Cloudsafe
http://www.uludagbilisim.com/Sozlesme_Onayla0%Avira URL Cloudsafe
http://eradyoloji.saglik.gov.tr/TeletipServlet?tcNo=0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeAlKurulum0%Avira URL Cloudsafe
http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/aktarim/GFirebirdSql.Data.FirebirdClient.dll100%Avira URL Cloudmalware
http://www.merkezlab.com)#LblKullaniciBilgi0%Avira URL Cloudsafe
http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/Forms/?0%Avira URL Cloudsafe
http://www.uludagbilisim.com/AktivasyonKodu0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeAl_HSTS0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeleriOnayla0%Avira URL Cloudsafe
http://www.uludagbilisim.com/OMC0%Avira URL Cloudsafe
http://www.uludagbilisim.com/OrtakASMs0%Avira URL Cloudsafe
http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/rtf/0%Avira URL Cloudsafe
http://www.uludagbilisim.com/SozlesmeRTF0%Avira URL Cloudsafe
http://www.uludagbilisim.com/HekimVerileriniGonder0%Avira URL Cloudsafe
http://www.uludagbilisim.com/M_MUsr0%Avira URL Cloudsafe
http://www.uludagbilisim.com/M_OLogA0%Avira URL Cloudsafe
http://sbu2.saglik.gov.tr/drbilgi)Doktor0%Avira URL Cloudsafe
http://www.uludagbilisim.com/BursaDiyabet0%Avira URL Cloudsafe
http://www.uludagbilisim.com/AKareKod0%Avira URL Cloudsafe
https://ats.saglik.gov.tr0%Avira URL Cloudsafe
http://ahuzem.ybu.edu.tr/login/index.phpwAile0%Avira URL Cloudsafe
http://www.uludagbilisim.com/DegreDosyalariAl0%Avira URL Cloudsafe
http://www.uludagbilisim.com/ImportVersion0%Avira URL Cloudsafe
http://www.uludagbilisim.com/Duyurular0%Avira URL Cloudsafe
http://www.uludagbilisim.com/Bayiler0%Avira URL Cloudsafe
http://www.uludagbilisim.com/AktarimLog0%Avira URL Cloudsafe
https://recetem.enabiz.gov.tr0%Avira URL Cloudsafe
http://www.uludagbilisim.com/HSTSDurum0%Avira URL Cloudsafe
http://www.uludagbilisim.com/IPAdresiGetir0%Avira URL Cloudsafe
http://www.uludagbilisim.com/maps/singlemap.php?adres=0%Avira URL Cloudsafe
http://ws.nbys.com.tr/inet.asp0%Avira URL Cloudsafe
http://www.hsm.gov.tr)#LblKullaniciNesne0%Avira URL Cloudsafe
http://www.uludagbilisim.com/AktivasyonVeBayiKontrol0%Avira URL Cloudsafe
http://www.uludagbilisim.com/AktivasyonKontrol0%Avira URL Cloudsafe
http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/0%Avira URL Cloudsafe
http://www.uludagbilisim.com/KurulumKontrol0%Avira URL Cloudsafe
http://www.uludagbilisim.com/KurumAd0%Avira URL Cloudsafe
http://www.uludagbilisim.com/Merkez_Kontrol0%Avira URL Cloudsafe
http://www.uludagbilisim.com/SetSystem0%Avira URL Cloudsafe
http://www.uludagbilisim.com/T0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeAl_ORTAKEXE0%Avira URL Cloudsafe
http://www.uludagbilisim.com/VeriGeriYuklemeBildir20%Avira URL Cloudsafe
http://www.uludagbilisim.com/KontrolKurulum0%Avira URL Cloudsafe
http://www.uludagbilisim.com/SUTList0%Avira URL Cloudsafe
http://www.uludagbilisim.com/#0%Avira URL Cloudsafe
http://www.uludagbilisim.com/HekimKodu0%Avira URL Cloudsafe
https://eposta.saglik.gov.tr0%Avira URL Cloudsafe
http://ws.nbys.com.tr/NBYS-WS/NBYS_AHWS.asmx10%Avira URL Cloudsafe
http://www.uludagbilisim.com/CSorgula0%Avira URL Cloudsafe
http://www.uludagbilisim.com/ASM_HekimVerileriniGonder0%Avira URL Cloudsafe
http://www.uludagbilisim.com/HekimKoduIlIle0%Avira URL Cloudsafe
http://www.uludagbilisim.com/TU0%Avira URL Cloudsafe
http://www.uludagbilisim.com/M_MLog0%Avira URL Cloudsafe
http://www.uludagbilisim.com/VeriGeriYuklemeBildir0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeOnayla_ASM0%Avira URL Cloudsafe
http://www.uludagbilisim.com/SRDll0%Avira URL Cloudsafe
http://www.uludagbilisim.com/maps/multimaps.php0%Avira URL Cloudsafe
http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/logo/)Kullanmak0%Avira URL Cloudsafe
http://mobilws.nbys.com.tr/NBYS_MobilWS.asmx0%Avira URL Cloudsafe
http://www.uludagbilisim.com/0%Avira URL Cloudsafe
http://ws.nbys.com.tr/NBYS-WS/NBYS_AHWS.asmx0%Avira URL Cloudsafe
http://www.uludagbilisim.com/MobilSMSGet0%Avira URL Cloudsafe
http://www.uludagbilisim.com/OrtakASM0%Avira URL Cloudsafe
http://www.uludagbilisim.com/ASM_HekimVeriGonder0%Avira URL Cloudsafe
http://www.uludagbilisim.com/MobilSMSSet0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeAl0%Avira URL Cloudsafe
http://www.uludagbilisim.com/OrtakIl0%Avira URL Cloudsafe
http://www.uludagbilisim.com/UDT0%Avira URL Cloudsafe
http://www.uludagbilisim.com/GuncellemeOnayla0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ax-0001.ax-msedge.net
150.171.28.10
truefalse
    		high

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://www.uludagbilisim.com/M_MUsrUbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://sina.saglik.gov.tr/#/loginsMerkezbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/A1bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/LoggAbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/GuncellemeleriAl_ASMbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/GuncellemeAl_ASMNETbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/LoggbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.ttrehber.turktelekom.com.trbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/OrtakKurbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/GuncellemeAl_ASMbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/CEklebGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/MerkezKontrolbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/DegreKontrolbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/M_MNotbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/SMDllbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/yardimci/bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/OrtakDosyalariAlbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/rtf/UstYazi.rtfbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/DSActbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.uludagbilisim.com/O_SS1bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namebGcxY1mXHe.exe, 00000000.00000002.2244340371.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      http://www.uludagbilisim.com/SifremiUnuttumbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.gmail.comYe-PostabGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/AHKontrolbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/aktarim/GFirebirdSql.Data.FirebirdClient.dllbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: malware
      		unknown
      http://www.uludagbilisim.com/MerkezKontrol_ASMbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/EExtrabGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/Sozlesme_OnaylabGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/Sozlesme_RTFbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://eradyoloji.saglik.gov.tr/TeletipServlet?tcNo=bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/GuncellemeAlKurulumbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.merkezlab.com)#LblKullaniciBilgibGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/Forms/?bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/AktivasyonKodubGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/OMCbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.uludagbilisim.com/GuncellemeleriOnaylabGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://maps.google.com?q=bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://www.uludagbilisim.com/GuncellemeAl_HSTSbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/OrtakASMsbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/rtf/bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/HekimVerileriniGonderbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/SozlesmeRTFbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://sbu2.saglik.gov.tr/drbilgi)DoktorbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/M_MUsrbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/M_OLogAbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/AKareKodbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/BursaDiyabetbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/DegreDosyalariAlbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://ahuzem.ybu.edu.tr/login/index.phpwAilebGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://ats.saglik.gov.trbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/ImportVersionbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/DuyurularbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/BayilerbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/AktarimLogbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://recetem.enabiz.gov.trbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/HSTSDurumbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/IPAdresiGetirbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/maps/singlemap.php?adres=bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://ws.nbys.com.tr/inet.aspbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.hsm.gov.tr)#LblKullaniciNesnebGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/AktivasyonVeBayiKontrolbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/KurulumKontrolbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/AktivasyonKontrolbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/KurumAdbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/SetSystembGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/TbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/Merkez_KontrolbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/GuncellemeAl_ORTAKEXEbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/VeriGeriYuklemeBildir2bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://eposta.saglik.gov.trbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.uludagbilisim.com/SUTListbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.google.com/search?q=Uhttps://tts.voicetech.yandex.net/tts?text=bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://www.uludagbilisim.com/KontrolKurulumbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/#bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/HekimKodubGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://ws.nbys.com.tr/NBYS-WS/NBYS_AHWS.asmx1bGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/CSorgulabGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/HekimKoduIlIlebGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/ASM_HekimVerileriniGonderbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/maps/multimaps.phpbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/M_MLogbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/VeriGeriYuklemeBildirbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/TUbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://mobilws.nbys.com.tr/NBYS_MobilWS.asmxbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/SRDllbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.uludagbilisim.com/GuncellemeOnayla_ASMbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://ws.nbys.com.tr/nbys.aspx?f=aile_hekimligi/logo/)KullanmakbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://upx.sf.netAmcache.hve.4.drfalse
            		high
            http://www.uludagbilisim.com/bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.kamusm.gov.tr/islemler/sertifikami_aldim_ne_yapmaliyim-MUAYENEbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://ws.nbys.com.tr/NBYS-WS/NBYS_AHWS.asmxbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/OrtakASMbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/MobilSMSGetbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/MobilSMSSetbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/ASM_HekimVeriGonderbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/UDTbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/GuncellemeAlbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/OrtakIlbGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.uludagbilisim.com/GuncellemeOnaylabGcxY1mXHe.exe, 00000000.00000002.2271265100.0000000008FCE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000007ECE000.00000004.00000800.00020000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2305129026.000000000C3DD000.00000004.08000000.00040000.00000000.sdmp, bGcxY1mXHe.exe, 00000000.00000002.2246327503.0000000005ECE000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown

              World Map of Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1577871
              Start date and time:2024-12-18 20:53:17 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 5m 57s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:19
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:bGcxY1mXHe.exe
              renamed because original name is a hash value
              Original Sample Name:f748d14f449da06b028b4617ca2142cd.exe
              Detection:MAL
              Classification:mal64.winEXE@2/5@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 97%
              • Number of executed functions: 10
              • Number of non-executed functions: 1
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 20.42.73.29, 23.218.208.109, 40.126.53.7, 20.223.36.55, 20.190.177.84, 13.107.246.63, 172.202.163.200, 2.19.193.40, 173.222.162.64, 20.199.58.43, 150.171.28.10, 104.126.37.154
              • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net
              • Report size getting too big, too many NtSetInformationFile calls found.
              • VT rate limit hit for: bGcxY1mXHe.exe

              Simulations

              Behavior and APIs

              TimeTypeDescription
              14:54:22API Interceptor1x Sleep call for process: WerFault.exe modified

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              ax-0001.ax-msedge.netdownload.ps1Get hashmaliciousUnknownBrowse
              • 150.171.27.10
              PyIsvSahWy.exeGet hashmaliciousUnknownBrowse
              • 150.171.27.10
              bandwidth_monitor.exeGet hashmaliciousUnknownBrowse
              • 150.171.27.10
              Ball - Temp.data for GCMs.docGet hashmaliciousHTMLPhisherBrowse
              • 150.171.27.10
              https://launch.app/plainsartGet hashmaliciousHTMLPhisherBrowse
              • 150.171.27.10
              random.exe.2.exeGet hashmaliciousLummaCBrowse
              • 150.171.27.10
              stail.exe.3.exeGet hashmaliciousSocks5SystemzBrowse
              • 150.171.28.10
              file.exeGet hashmaliciousUnknownBrowse
              • 150.171.27.10
              R0SkdJNujW.exeGet hashmaliciousUnknownBrowse
              • 150.171.28.10
              index.html.docxGet hashmaliciousUnknownBrowse
              • 150.171.27.10

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bGcxY1mXHe.exe_dbbd2ee5b4b74d8342bff393eea049e7e2d75f2d_27f84fef_1f40a44f-4af0-4bb8-9708-1a9197be451c\Report.wer

              Download File
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):65536
              Entropy (8bit):1.1050468290488602
              Encrypted:false
              SSDEEP:192:hu/wkruH/0BU/qautB+DqzuiFRZ24IO8k:hWLruMBU/qa4JzuiFRY4IO8k
              MD5:26D1D3055BD0D311C350DD12A9B22FA8
              SHA1:5AB13735041C7103642A562E03F177F0CD68BCF6
              SHA-256:1A2F990AC2C7B1A472C3D69CA59769CBB24759CFD8C6219B489AC317B7588D90
              SHA-512:FB0B66DB64E413B418DC4FC9ECB6225F07C071F3B200E927381A6B1EA3ABE2E173D7429E5342432A6E94F019B9F5905EE8C078C8100E000DA58F95CC7EBC0F87
              Malicious:true
              Reputation:low
              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.0.2.5.2.5.7.1.3.0.5.6.5.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.0.2.5.2.5.7.7.7.1.2.0.8.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.f.4.0.a.4.4.f.-.4.a.f.0.-.4.b.b.8.-.9.7.0.8.-.1.a.9.1.9.7.b.e.4.5.1.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.a.2.9.2.5.a.d.-.4.7.1.6.-.4.9.2.5.-.b.f.c.6.-.a.a.8.7.4.8.7.f.4.9.8.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.b.G.c.x.Y.1.m.X.H.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.N.B.Y.S. .A.H...N.E.T...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.a.0.-.0.0.0.1.-.0.0.1.5.-.e.3.a.9.-.c.1.9.c.8.6.5.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.9.0.7.0.0.c.c.f.b.d.6.a.7.c.9.d.8.e.0.f.1.a.c.d.2.b.8.7.7.b.2.0.0.0.0.0.0.0.0.!.0.0.0.0.6.2.2.c.a.7.c.3.0.e.4.1.a.9.1.7.1.0.6.9.c.8.9.4.7.6.6.e.a.3.4.3.b.

              C:\ProgramData\Microsoft\Windows\WER\Temp\WER712D.tmp.dmp

              Download File
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 19:54:17 2024, 0x1205a4 type
              Category:dropped
              Size (bytes):309128
              Entropy (8bit):4.200381241945357
              Encrypted:false
              SSDEEP:3072:RpoMoJ+qu5w0Tl/X1T/EbNpCc4uEqSy1BXLTgf:Rix+quNTnIbNpCc47yPTg
              MD5:6855D2DC99C02580C9BE854F351D255E
              SHA1:CE87858AF8A196E5F011431CEDAE337316D33DC0
              SHA-256:9E51C5CF2E137A960F31E29EA2118449898126A3139DCB8ECA0705A40399D4F5
              SHA-512:EEB12953051D3674FFA5AD80A1C59595D48460E1A8FB28A4752A4139E8B6ABC0497FCEFBB8ABF5E17B60E2467D18DA2BDEC8A1FE3922AD85808EAC8B51CF022A
              Malicious:false
              Reputation:low
              Preview:MDMP..a..... .......i(cg....................................$....".......+...L..........`.......8...........T............3..............."...........$..............................................................................eJ......`%......GenuineIntel............T...........e(cg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\ProgramData\Microsoft\Windows\WER\Temp\WER7257.tmp.WERInternalMetadata.xml

              Download File
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):8430
              Entropy (8bit):3.7073859957117854
              Encrypted:false
              SSDEEP:192:R6l7wVeJFG6IV6Y2DcSUUPGgmfZnTprRK89bTPsfixm:R6lXJE666YRSUFgmfpvzT0f9
              MD5:B3A2A387E434DCBF49B567BD1ADB5539
              SHA1:CEA8485C73BC8C88DE3F85D8B8A3B48EA85F5598
              SHA-256:D66C18456D1C018E83F402102F9FF986C1B653C3B8B6FB61DC94B248C265215F
              SHA-512:3F8D5801A6CF0A54C7D0AA755CDFE4049A83C810D6CDB6B45B079CFFF2DE4BB89F42C307879766B540245A1ED369B9C3BF6C7E76E4144C583E0F2E1B9BEB6962
              Malicious:false
              Reputation:low
              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.4.8.<./.P.i.

              C:\ProgramData\Microsoft\Windows\WER\Temp\WER7296.tmp.xml

              Download File
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):4774
              Entropy (8bit):4.5241653692611585
              Encrypted:false
              SSDEEP:48:cvIwWl8zsoJg77aI9nUWpW8VYIAYm8M4JrHKTFYHo+q8vZKQcqjDzEDyd:uIjfuI7BN7VvJrHxHoKZ7cqjDzEDyd
              MD5:6F919B7CF0F163B01ADC22CD4A2408FE
              SHA1:88C230075D30245A58206914A512EB29F76C3D49
              SHA-256:1108E5859B3BA4767BF553C834354FAA2A9BDC11DF75E30529514E7148B781CA
              SHA-512:46BCB7383B435FC696C9174BEB3552C4A1BB6160A5E35700916D60E75D1CB28D3EEBB727724092C7A6256B96B3DDD69C3EAAAE7C9C807EFB4AD9DC1315A2045A
              Malicious:false
              Reputation:low
              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="637136" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

              C:\Windows\appcompat\Programs\Amcache.hve

              Download File
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:MS Windows registry file, NT/2000 or above
              Category:dropped
              Size (bytes):1835008
              Entropy (8bit):4.468970730652203
              Encrypted:false
              SSDEEP:6144:5zZfpi6ceLPx9skLmb0fXZWSP3aJG8nAgeiJRMMhA2zX4WABluuNMjDH5S:RZHtXZWOKnMM6bFpOj4
              MD5:5556D26B2886D150EF7A833D36A940B9
              SHA1:9FB752061D1F287C8310EF06E2DA5F276F933544
              SHA-256:161EDFC9DCBE04BE5784262CB7963B77CF50E07364353B04A695AB4CC1AAECC7
              SHA-512:79B84063A4521313473FC123B6A456B613817CD0AAB8FB5AEE3316633ECB014573BADF4CAC8CA1D0875F173D65CA004AFE4FB54A0A45C3E466EFE4B67B038A49
              Malicious:false
              Reputation:low
              Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.;...Q..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.995514130278634
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              • Win32 Executable (generic) a (10002005/4) 49.78%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              File name:bGcxY1mXHe.exe
              File size:3'422'208 bytes
              MD5:f748d14f449da06b028b4617ca2142cd
              SHA1:622ca7c30e41a9171069c894766ea343bd726b8b
              SHA256:22d61f9877ded908bb98941c84a0c88295b08ea1541f97f722c2ceb008dc1399
              SHA512:e5cce5004ee9385f3f0aa36bffa5ae0dc65c061753767712dda892ce96646f9e6d3b114e379be353f6514cb7798a55e2ef9951f9fd14d19e34bc357fa157a14e
              SSDEEP:98304:Rf5006C2Ees/bRMGtS8QjOpfx89gIqXXt:rfpeyXtS/4AqX
              TLSH:65F5339163DCC70FD0E45831F217A6198B38B8193134ED93D2A915FE9F0674681A6BBF
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bg..................3...........3.. ........@.. ........................4............................................

              File Icon

              Icon Hash:9b313913395a9a1b

              Static PE Info

              General

              Entrypoint:0x73cd9e
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:
              Time Stamp:0x67629594 [Wed Dec 18 09:27:48 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x33cd500x4b.text
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x33e0000x8600.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x3480000xc.reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x20000x33ada40x33ae00d8be71ae909b18863d9b8bc3ae71e5f5unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc0x33e0000x86000x860005cc0437360526c1c854e97778c68caeFalse0.5586812033582089data5.635471239362184IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc0x3480000xc0x2002b34e8386e6834ed459cc086cb41ae27False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountryZLIB Complexity
              RT_ICON0x33e3400x668Device independent bitmap graphic, 48 x 96 x 4, image size 11520.4378048780487805
              RT_ICON0x33e9a80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 5120.5416666666666666
              RT_ICON0x33ec900x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 2880.5901639344262295
              RT_ICON0x33ee780x128Device independent bitmap graphic, 16 x 32 x 4, image size 1280.6081081081081081
              RT_ICON0x33efa00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors0.6146055437100213
              RT_ICON0x33fe480x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.7450361010830325
              RT_ICON0x3406f00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.7753456221198156
              RT_ICON0x340db80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.5289017341040463
              RT_ICON0x3413200x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.5432572614107883
              RT_ICON0x3438c80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.6144465290806754
              RT_ICON0x3449700x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.6459016393442623
              RT_ICON0x3452f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.7269503546099291
              RT_GROUP_ICON0x3457600xaedata0.5977011494252874
              RT_VERSION0x3458100x4fadata0.4427001569858713
              RT_MANIFEST0x345d0c0x8d3XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.3935369632580788

              Imports

              DLLImport
              mscoree.dll_CorExeMain

              Network Behavior

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Dec 18, 2024 20:54:49.370203972 CET1.1.1.1192.168.2.60xf052No error (0)g-bing-com.ax-0001.ax-msedge.netax-0001.ax-msedge.netCNAME (Canonical name)IN (0x0001)false
              Dec 18, 2024 20:54:49.370203972 CET1.1.1.1192.168.2.60xf052No error (0)ax-0001.ax-msedge.net150.171.28.10A (IP address)IN (0x0001)false
              Dec 18, 2024 20:54:49.370203972 CET1.1.1.1192.168.2.60xf052No error (0)ax-0001.ax-msedge.net150.171.27.10A (IP address)IN (0x0001)false

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:14:54:13
              Start date:18/12/2024
              Path:C:\Users\user\Desktop\bGcxY1mXHe.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\bGcxY1mXHe.exe"
              Imagebase:0x860000
              File size:3'422'208 bytes
              MD5 hash:F748D14F449DA06B028B4617CA2142CD
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              General

              Target ID:4
              Start time:14:54:16
              Start date:18/12/2024
              Path:C:\Windows\SysWOW64\WerFault.exe
              Wow64 process (32bit):true
              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1300
              Imagebase:0xdf0000
              File size:483'680 bytes
              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:8.4%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:15
                Total number of Limit Nodes:3
                execution_graph 15221 1579e88 DuplicateHandle 15222 1579f1e 15221->15222 15223 1579838 15224 157987e GetCurrentProcess 15223->15224 15226 15798d0 GetCurrentThread 15224->15226 15227 15798c9 15224->15227 15228 1579906 15226->15228 15229 157990d GetCurrentProcess 15226->15229 15227->15226 15228->15229 15232 1579943 15229->15232 15230 157996b GetCurrentThreadId 15231 157999c 15230->15231 15232->15230 15233 157fda8 15234 157fdf0 GetModuleHandleW 15233->15234 15235 157fdea 15233->15235 15236 157fe1d 15234->15236 15235->15234

                Executed Functions

                Function 01571168 Relevance: .8, Instructions: 840COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2243521797.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1570000_bGcxY1mXHe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d6dbb157b9e3b202368989672488c871a7893402de5be744f2dd45c4bf01a665
                • Instruction ID: ce869919e61a2b5a5a0f6e5df8254e41f164977be4007189c54c1534006c5ed6
                • Opcode Fuzzy Hash: d6dbb157b9e3b202368989672488c871a7893402de5be744f2dd45c4bf01a665
                • Instruction Fuzzy Hash: 5F729E31A00A05CFC719CF69D4C4AAEBBF2FF85310B29C969D556AB655D730E882CF90
                Function 01579828 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
                Download Yara Rule

                Control-flow Graph

                APIs
                • GetCurrentProcess.KERNEL32 ref: 015798B6
                • GetCurrentThread.KERNEL32 ref: 015798F3
                • GetCurrentProcess.KERNEL32 ref: 01579930
                • GetCurrentThreadId.KERNEL32 ref: 01579989
                Memory Dump Source
                • Source File: 00000000.00000002.2243521797.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1570000_bGcxY1mXHe.jbxd
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                • Opcode ID: 5cc3d214cc15213615c2db90bcace5cc84e51d954fba79cbb82cec40a152c7cc
                • Instruction ID: 482cba6472ce4505a38d08d4f9023893a5fff95bbadbcf88b720daf585010579
                • Opcode Fuzzy Hash: 5cc3d214cc15213615c2db90bcace5cc84e51d954fba79cbb82cec40a152c7cc
                • Instruction Fuzzy Hash: 9D5167B090034A8FEB54CFAAE549BEEBBF1FF88314F208459E019AB350D7755944CB65
                Function 01579838 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                Download Yara Rule

                Control-flow Graph

                APIs
                • GetCurrentProcess.KERNEL32 ref: 015798B6
                • GetCurrentThread.KERNEL32 ref: 015798F3
                • GetCurrentProcess.KERNEL32 ref: 01579930
                • GetCurrentThreadId.KERNEL32 ref: 01579989
                Memory Dump Source
                • Source File: 00000000.00000002.2243521797.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1570000_bGcxY1mXHe.jbxd
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                • Opcode ID: 2c46564f94b46457375358819cce6ad5357aba855c5225c1070a22c3bda18d5f
                • Instruction ID: bbdcbe813fb502dc5ab72d0d8a3ab70032ae8f011062a03a7befd5d198282052
                • Opcode Fuzzy Hash: 2c46564f94b46457375358819cce6ad5357aba855c5225c1070a22c3bda18d5f
                • Instruction Fuzzy Hash: 1D5178B090034ACFEB54CFAAE549BAEBBF1FF88314F208459E019A7360DB755944CB65
                Function 01579E81 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 67 1579e81-1579e83 68 1579e88-1579f1c DuplicateHandle 67->68 69 1579f25-1579f42 68->69 70 1579f1e-1579f24 68->70 70->69
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01579F0F
                Memory Dump Source
                • Source File: 00000000.00000002.2243521797.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1570000_bGcxY1mXHe.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: 3f87b6095df4f40db68172248a17a7fa2a38e9117d57a81bf64339790e898ebb
                • Instruction ID: 327c54c7f4eef575d665bb57bdcdd1593212c84069af7fc288735649e2ebe39a
                • Opcode Fuzzy Hash: 3f87b6095df4f40db68172248a17a7fa2a38e9117d57a81bf64339790e898ebb
                • Instruction Fuzzy Hash: 0121E5B5900209AFDB10CF9AD985ADEFFF8FB48324F14841AE914A7310D374A954CFA5
                Function 01579E88 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 73 1579e88-1579f1c DuplicateHandle 74 1579f25-1579f42 73->74 75 1579f1e-1579f24 73->75 75->74
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01579F0F
                Memory Dump Source
                • Source File: 00000000.00000002.2243521797.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1570000_bGcxY1mXHe.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: 690781c5b90e74678a4219db7b9e87c831878344ccb67fae8b2e2999f3d093f6
                • Instruction ID: 0693b5674209e7c81de5039f9050652526b00009f9497356f8eccea626a4b0c5
                • Opcode Fuzzy Hash: 690781c5b90e74678a4219db7b9e87c831878344ccb67fae8b2e2999f3d093f6
                • Instruction Fuzzy Hash: 0C21C4B5900249AFDB10CF9AD984ADEFFF4FB48324F14841AE918A7350D374A954CFA5
                Function 0157FDA8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 78 157fda8-157fde8 79 157fdf0-157fe1b GetModuleHandleW 78->79 80 157fdea-157fded 78->80 81 157fe24-157fe38 79->81 82 157fe1d-157fe23 79->82 80->79 82->81
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 0157FE0E
                Memory Dump Source
                • Source File: 00000000.00000002.2243521797.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1570000_bGcxY1mXHe.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 333dcc11dc2e016ce0fd2e12235a7b426c7b567c1ee31f14cf5535038c29dd41
                • Instruction ID: 35352d107675da47c65d785594dcf4544e875d54b636cff1119f64d14ca0494d
                • Opcode Fuzzy Hash: 333dcc11dc2e016ce0fd2e12235a7b426c7b567c1ee31f14cf5535038c29dd41
                • Instruction Fuzzy Hash: AA110FB6C006498FDB10CF9AD444A9EFBF4BB88624F20841AD928AB210D379A545CFA1
                Function 0117D630 Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2242904107.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_117d000_bGcxY1mXHe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76ab3452b5e822fde0b949148cd50cf031d51e1547e0d58bb6832cf283e54900
                • Instruction ID: 1cf0b308051e4b696f99e11a970e3741b94863e172c990c735b0350fa60ab662
                • Opcode Fuzzy Hash: 76ab3452b5e822fde0b949148cd50cf031d51e1547e0d58bb6832cf283e54900
                • Instruction Fuzzy Hash: 3F21F1B6504248EFDF09DF54E9C0B26BF76FF88314F20856DE9090A356C376D456CAA2
                Function 0118D01C Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2242946763.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_118d000_bGcxY1mXHe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2f94979833e08b11010a2800021a689149e001b9510881d4cb4d415bd741221
                • Instruction ID: 1551f7b8411781e0bfea0df1c0e897d663beb994431da95f0991ebffa818898d
                • Opcode Fuzzy Hash: a2f94979833e08b11010a2800021a689149e001b9510881d4cb4d415bd741221
                • Instruction Fuzzy Hash: 01210075604304EFDF19EF94E9C0B26BB61EB84314F20C56DD90A4B292C77AD407CE62
                Function 0117D62B Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2242904107.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_117d000_bGcxY1mXHe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                • Instruction ID: 5018e927632a38176f18ffc8849aaf91de1d7971f3dbf2ad495c4ae550291180
                • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                • Instruction Fuzzy Hash: 5D11AF76504288CFCF16CF54E5C4B16BF72FB88314F2485A9E8090B257C33AD456CBA1
                Function 0118D017 Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2242946763.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_118d000_bGcxY1mXHe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                • Instruction ID: f833f8d228289d16d170c80c725dfc748e4d85785ef5827690c5bde5288fccad
                • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                • Instruction Fuzzy Hash: C511BB75504384CFDB16DF54E5C4B15BBA2FB84314F24C6AAD8494B696C33AD40BCFA2

                Non-executed Functions

                Function 0157EB0C Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2243521797.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_1570000_bGcxY1mXHe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9df46a2ce082a015cea5141c3c2d0bcb61c5544dc29590bf1dd2902fa6bae74
                • Instruction ID: 081c1494cfa6c3edab532953670185195fd21cfb85f1292635a4c5989b9ef662
                • Opcode Fuzzy Hash: e9df46a2ce082a015cea5141c3c2d0bcb61c5544dc29590bf1dd2902fa6bae74
                • Instruction Fuzzy Hash: E2A19032E0020ACFCF05DFB5E8414AEBBB2FF85300B1545AAE916AF261DB75E955CB50